Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.
Max CVSS
7.5
EPSS Score
3.43%
Published
2009-12-29
Updated
2017-08-17
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.
Max CVSS
2.6
EPSS Score
0.47%
Published
2009-12-23
Updated
2010-01-06
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
Max CVSS
6.8
EPSS Score
4.42%
Published
2009-12-21
Updated
2018-10-10
The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
5.0
EPSS Score
0.14%
Published
2009-12-08
Updated
2009-12-09
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585.
Max CVSS
5.8
EPSS Score
0.49%
Published
2009-12-02
Updated
2017-08-17
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.
Max CVSS
7.2
EPSS Score
0.09%
Published
2009-12-01
Updated
2024-01-16
myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.65%
Published
2009-11-29
Updated
2017-08-17
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.
Max CVSS
5.0
EPSS Score
0.79%
Published
2009-11-29
Updated
2017-08-17
Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.
Max CVSS
7.5
EPSS Score
0.75%
Published
2009-11-18
Updated
2017-09-19
The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
Max CVSS
7.5
EPSS Score
0.56%
Published
2009-11-10
Updated
2017-08-17
The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value.
Max CVSS
5.0
EPSS Score
2.45%
Published
2009-11-04
Updated
2009-11-05
The web interface for Everfocus EDR1600 DVR allows remote attackers to bypass authentication and access live cams via certain vectors.
Max CVSS
5.0
EPSS Score
1.35%
Published
2009-10-30
Updated
2018-10-10
Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors.
Max CVSS
5.8
EPSS Score
0.28%
Published
2009-10-09
Updated
2017-08-17
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.
Max CVSS
6.8
EPSS Score
1.65%
Published
2009-11-02
Updated
2017-08-17
The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request.
Max CVSS
7.8
EPSS Score
4.35%
Published
2009-10-30
Updated
2023-02-13
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain.
Max CVSS
5.8
EPSS Score
0.49%
Published
2009-12-02
Updated
2017-08-17
A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.18%
Published
2009-09-30
Updated
2009-10-01
Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php.
Max CVSS
5.0
EPSS Score
0.29%
Published
2009-09-28
Updated
2018-10-10
login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Max CVSS
6.8
EPSS Score
1.66%
Published
2009-09-25
Updated
2017-09-19
login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Max CVSS
6.8
EPSS Score
1.56%
Published
2009-09-25
Updated
2017-09-19
login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Max CVSS
9.8
EPSS Score
1.66%
Published
2009-09-25
Updated
2024-02-13
update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.49%
Published
2009-09-18
Updated
2009-09-22
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
Max CVSS
9.3
EPSS Score
0.89%
Published
2009-09-17
Updated
2024-02-13
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
Max CVSS
6.8
EPSS Score
1.42%
Published
2009-09-17
Updated
2024-02-13
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
1.88%
Published
2009-09-10
Updated
2017-09-19
211 vulnerabilities found
1 2 3 4 5 6 7 8 9
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!