Total
3293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1854 | 1 Cmsnx | 1 Million Dollar Text Links | 2017-09-29 | 7.5 HIGH | N/A |
| Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1. | |||||
| CVE-2009-1580 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-29 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. | |||||
| CVE-2009-2040 | 1 Grestul | 1 Grestul | 2017-09-29 | 7.5 HIGH | N/A |
| admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request. | |||||
| CVE-2008-7045 | 1 Ajsquare | 1 Free Polling Script | 2017-09-29 | 6.4 MEDIUM | N/A |
| AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php. | |||||
| CVE-2008-6581 | 1 Phpaddedit | 1 Phpaddedit | 2017-09-29 | 7.5 HIGH | N/A |
| login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. | |||||
| CVE-2008-6411 | 1 Explay | 1 Explay Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1. | |||||
| CVE-2008-6815 | 1 Myktools | 1 Myktools | 2017-09-29 | 5.0 MEDIUM | N/A |
| mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup. | |||||
| CVE-2008-7006 | 1 Phpversion | 1 Php Vx Guestbook | 2017-09-29 | 5.0 MEDIUM | N/A |
| Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php. | |||||
| CVE-2008-6307 | 1 E-topbiz | 1 Link Back Checker | 2017-09-29 | 7.5 HIGH | N/A |
| E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin." | |||||
| CVE-2008-7179 | 1 Otmanager | 1 Otmanager Cms | 2017-09-29 | 7.5 HIGH | N/A |
| OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php. | |||||
| CVE-2008-6719 | 1 Uochm | 1 Justlistit | 2017-09-29 | 7.5 HIGH | N/A |
| U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php. | |||||
| CVE-2008-7027 | 1 Libra File Manager | 1 Php Filemanager | 2017-09-29 | 7.5 HIGH | N/A |
| Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1. | |||||
| CVE-2008-6863 | 1 Xigla | 1 Absolute Form Processor.net | 2017-09-29 | 7.5 HIGH | N/A |
| Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-7086 | 1 Maianscriptworld | 1 Maian Greetings | 2017-09-29 | 7.5 HIGH | N/A |
| Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin. | |||||
| CVE-2008-6857 | 1 Xigla | 1 Absolute Podcast.net | 2017-09-29 | 7.5 HIGH | N/A |
| Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-6939 | 1 Turnkeyforms | 1 Web Hosting Directory | 2017-09-29 | 7.5 HIGH | N/A |
| TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username. | |||||
| CVE-2008-7019 | 1 Esqlanelapse | 1 Esqlanelapse | 2017-09-29 | 7.5 HIGH | N/A |
| Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies. | |||||
| CVE-2008-6743 | 1 Shock-therapy | 1 Rsmscript | 2017-09-29 | 7.5 HIGH | N/A |
| RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php. | |||||
| CVE-2008-7007 | 1 Phpversion | 1 Php Vx Guestbook | 2017-09-29 | 7.5 HIGH | N/A |
| Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1. | |||||
| CVE-2008-6861 | 1 Xigla | 1 Absolute Newsletter | 2017-09-29 | 7.5 HIGH | N/A |
| Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||