logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information.
Max CVSS: 7.5 | EPSS Score: 12.83% | Published: 2006-12-28 | Updated: 2018-10-17
Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors.
Max CVSS: 5.0 | EPSS Score: 0.37% | Published: 2006-12-23 | Updated: 2011-03-08
Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.
Max CVSS: 7.5 | EPSS Score: 1.08% | Published: 2006-12-21 | Updated: 2024-01-25
Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access."
Max CVSS: 7.5 | EPSS Score: 2.10% | Published: 2006-12-18 | Updated: 2017-07-29
Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations.
Max CVSS: 7.5 | EPSS Score: 1.75% | Published: 2006-12-04 | Updated: 2017-07-29
Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts.
Max CVSS: 7.5 | EPSS Score: 2.46% | Published: 2006-11-16 | Updated: 2017-07-20
Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion".
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2006-11-08 | Updated: 2017-07-20
Unspecified vulnerability in HP Version Control Agent before 2.1.5 allows remote authenticated users to obtain "unauthorized access" to a remote Repository Manager account and potentially gain privileges via unspecified vectors.
Max CVSS: 6.5 | EPSS Score: 0.54% | Published: 2006-10-17 | Updated: 2018-10-17
Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors.
Max CVSS: 7.2 | EPSS Score: 0.06% | Published: 2006-09-29 | Updated: 2018-10-17
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.
Max CVSS: 7.5 | EPSS Score: 3.42% | Published: 2006-08-31 | Updated: 2018-10-17
Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section.
Max CVSS: 7.5 | EPSS Score: 1.90% | Published: 2006-08-08 | Updated: 2018-10-18
newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ".
Max CVSS: 7.5 | EPSS Score: 17.23% | Published: 2006-05-30 | Updated: 2018-10-18
Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1.
Max CVSS: 7.5 | EPSS Score: 5.31% | Published: 2006-05-22 | Updated: 2018-10-18
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
Max CVSS: 4.3 | EPSS Score: 42.00% | Published: 2006-06-13 | Updated: 2019-04-30

CVE-2006-2369 (public exploit)
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
Max CVSS: 7.5 | EPSS Score: 97.18% | Published: 2006-05-15 | Updated: 2022-05-13
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
Max CVSS: 5.0 | EPSS Score: 12.50% | Published: 2006-05-05 | Updated: 2018-10-18
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server.
Max CVSS: 6.4 | EPSS Score: 7.36% | Published: 2006-08-25 | Updated: 2018-10-18
Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.
Max CVSS: 5.1 | EPSS Score: 3.24% | Published: 2006-03-14 | Updated: 2018-10-18
WinAbility Folder Guard 4.11 allows local users to gain unauthorized access to certain capabilities of the application by renaming or moving the password file (FGuard.FGP), which disables the password requirement.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2006-02-18 | Updated: 2018-10-19
add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access.
Max CVSS: 10.0 | EPSS Score: 1.83% | Published: 2006-02-15 | Updated: 2018-10-19
The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.
Max CVSS: 10.0 | EPSS Score: 8.91% | Published: 2006-02-15 | Updated: 2018-10-19
change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.
Max CVSS: 7.5 | EPSS Score: 10.32% | Published: 2006-02-15 | Updated: 2018-10-19
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
Max CVSS: 6.4 | EPSS Score: 0.21% | Published: 2006-02-10 | Updated: 2013-01-03
Powersave daemon before 0.10.15.2 allows local users to gain privileges (unauthorized access to an X session) via unspecified vectors. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2006-02-09 | Updated: 2017-07-20
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access.
Max CVSS: 7.5 | EPSS Score: 1.64% | Published: 2006-02-08 | Updated: 2018-10-19
28 vulnerabilities found