Sahana disaster management system 0.6.2.2, and possibly other versions, allows remote attackers to bypass intended access restrictions and disable administrator authentication via a direct request to stream.php in an acl_enable_acl action to the admin module.
Max CVSS: 6.4 | EPSS Score: 0.83% | Published: 2010-03-31 | Updated: 2018-10-10
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php.
Max CVSS: 6.8 | EPSS Score: 0.37% | Published: 2010-03-24 | Updated: 2010-12-14
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
Max CVSS: 5.8 | EPSS Score: 0.26% | Published: 2010-03-23 | Updated: 2010-03-24
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.32% | Published: 2010-03-19 | Updated: 2010-03-22
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.
Max CVSS: 5.0 | EPSS Score: 0.19% | Published: 2010-03-30 | Updated: 2010-06-21
Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2010-03-30 | Updated: 2010-03-31
The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.
Max CVSS: 10.0 | EPSS Score: 4.90% | Published: 2010-03-10 | Updated: 2018-10-10
admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission.
Max CVSS: 7.5 | EPSS Score: 0.94% | Published: 2010-03-05 | Updated: 2017-09-19
Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account.
Max CVSS: 7.5 | EPSS Score: 0.54% | Published: 2010-03-05 | Updated: 2017-09-19
admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.
Max CVSS: 7.5 | EPSS Score: 0.54% | Published: 2010-03-05 | Updated: 2017-09-19
The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
Max CVSS: 7.5 | EPSS Score: 0.48% | Published: 2010-03-03 | Updated: 2017-09-19
11 vulnerabilities found