Total
3419 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-2058 | 1 Apple | 1 Safari | 2017-08-17 | N/A |
Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||||
CVE-2009-1905 | 1 Ibm | 1 Db2 | 2017-08-17 | N/A |
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors. | ||||
CVE-2009-1595 | 1 Igniterealtime | 1 Openfire | 2017-08-17 | N/A |
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action. | ||||
CVE-2009-1390 | 3 Gnu, Mutt, Openssl | 3 Gnutls, Mutt, Openssl | 2017-08-17 | N/A |
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | ||||
CVE-2009-0906 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | N/A |
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors. | ||||
CVE-2009-0892 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | N/A |
The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout. | ||||
CVE-2009-0891 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | N/A |
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. | ||||
CVE-2009-0669 | 1 Zope | 1 Zodb | 2017-08-17 | N/A |
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. | ||||
CVE-2009-0662 | 1 Plone | 2 Plone, Plonepas | 2017-08-17 | N/A |
The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors. | ||||
CVE-2009-0655 | 1 Lenovo | 1 Veriface | 2017-08-17 | N/A |
Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user. | ||||
CVE-2009-0591 | 1 Openssl | 1 Openssl | 2017-08-17 | N/A |
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. | ||||
CVE-2008-7081 | 1 Raidsonic | 1 Icy Box Nas | 2017-08-17 | N/A |
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2008-7008 | 1 Hyperstop | 1 Web Host Directory | 2017-08-17 | N/A |
HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db. | ||||
CVE-2008-6984 | 1 Parallels | 1 Plesk | 2017-08-17 | N/A |
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3. | ||||
CVE-2008-6707 | 1 Avaya | 2 Communication Manager, Sip Enablement Services | 2017-08-17 | N/A |
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help." | ||||
CVE-2008-6569 | 1 Cybozu | 1 Garoon | 2017-08-17 | N/A |
Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page. | ||||
CVE-2008-6455 | 1 Edikon | 1 Phpshop | 2017-08-17 | N/A |
Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2008-6445 | 1 Yourplace | 1 Yourplace | 2017-08-17 | N/A |
Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-6300 | 1 Gwm | 1 Galatolo Webmanager | 2017-08-17 | N/A |
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2008-6131 | 1 Mozilo | 1 Mozilowiki | 2017-08-17 | N/A |
Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |