Lenovo Veriface III allows physically proximate attackers to log in to a Windows account by presenting a "plain image" of the authorized user.
Max CVSS: 6.9 | EPSS Score: 0.10% | Published: 2009-02-20 | Updated: 2017-08-17
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
Max CVSS: 7.5 | EPSS Score: 0.24% | Published: 2009-02-20 | Updated: 2009-06-25
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
Max CVSS: 6.8 | EPSS Score: 2.14% | Published: 2009-02-20 | Updated: 2017-09-29
Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.
Max CVSS: 9.0 | EPSS Score: 0.39% | Published: 2009-02-26 | Updated: 2018-11-08
Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability."
Max CVSS: 10.0 | EPSS Score: 0.30% | Published: 2009-02-10 | Updated: 2011-03-08
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
Max CVSS: 7.5 | EPSS Score: 0.73% | Published: 2009-02-10 | Updated: 2017-10-19
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
Max CVSS: 7.5 | EPSS Score: 0.73% | Published: 2009-02-10 | Updated: 2017-10-19
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."
Max CVSS: 6.5 | EPSS Score: 0.27% | Published: 2009-02-22 | Updated: 2017-08-08
The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.
Max CVSS: 7.5 | EPSS Score: 0.79% | Published: 2009-02-03 | Updated: 2018-10-11
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.
Max CVSS: 4.0 | EPSS Score: 0.17% | Published: 2009-02-13 | Updated: 2009-02-13
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
Max CVSS: 6.2 | EPSS Score: 0.04% | Published: 2009-02-13 | Updated: 2018-10-11
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.
Max CVSS: 10.0 | EPSS Score: 1.85% | Published: 2009-02-13 | Updated: 2011-03-08
E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin."
Max CVSS: 7.5 | EPSS Score: 5.00% | Published: 2009-02-26 | Updated: 2017-09-29
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 7.5 | EPSS Score: 1.76% | Published: 2009-02-26 | Updated: 2017-08-17
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.
Max CVSS: 7.5 | EPSS Score: 5.67% | Published: 2009-02-25 | Updated: 2017-09-29
Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin.
Max CVSS: 7.5 | EPSS Score: 1.66% | Published: 2009-02-20 | Updated: 2017-09-29
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie.
Max CVSS: 7.5 | EPSS Score: 1.07% | Published: 2009-02-16 | Updated: 2017-09-29
Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Max CVSS: 6.0 | EPSS Score: 0.48% | Published: 2009-02-13 | Updated: 2017-08-17
Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Max CVSS: 6.8 | EPSS Score: 0.93% | Published: 2009-02-13 | Updated: 2017-08-17
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
Max CVSS: 7.5 | EPSS Score: 5.00% | Published: 2009-02-11 | Updated: 2017-09-29
phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie.
Max CVSS: 7.5 | EPSS Score: 2.04% | Published: 2009-02-09 | Updated: 2017-09-29
Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.
Max CVSS: 6.8 | EPSS Score: 4.81% | Published: 2009-02-03 | Updated: 2024-03-19
Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Max CVSS: 6.8 | EPSS Score: 5.19% | Published: 2009-02-03 | Updated: 2018-10-11
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
Max CVSS: 5.0 | EPSS Score: 0.15% | Published: 2009-02-06 | Updated: 2009-07-23
24 vulnerabilities found