Export limit exceeded: 12423 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12423 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3050 | 1 Chameleon Cms | 1 Chameleon Cms | 2026-04-23 | N/A |
| Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-4319 | 1 Libra File Manager | 1 Php Filemanager | 2026-04-23 | N/A |
| fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string. | ||||
| CVE-2008-5296 | 1 Gallery | 1 Gallery | 2026-04-23 | N/A |
| Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2062 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | ||||
| CVE-2008-5407 | 1 Symantec | 1 Backup Exec For Windows Server | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | ||||
| CVE-2009-2063 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | ||||
| CVE-2009-2065 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | ||||
| CVE-2009-2067 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | ||||
| CVE-2009-2068 | 1 Opera | 1 Opera | 2026-04-23 | N/A |
| Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | ||||
| CVE-2008-5575 | 1 Proclanmanager | 1 Pro Clan Manager | 2026-04-23 | N/A |
| Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-5576 | 1 Scssboard | 1 Scssboard | 2026-04-23 | N/A |
| admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter. | ||||
| CVE-2009-2092 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors. | ||||
| CVE-2007-5578 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2026-04-23 | N/A |
| Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors. | ||||
| CVE-2009-2168 | 1 Egyplus | 1 7ammel | 2026-04-23 | 9.8 Critical |
| cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters. | ||||
| CVE-2008-5692 | 1 Ipswitch | 1 Ws Ftp | 2026-04-23 | N/A |
| Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. | ||||
| CVE-2009-2233 | 1 Awscripts | 1 Gallery Search Engine | 2026-04-23 | N/A |
| The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1. | ||||
| CVE-2008-5880 | 1 Gobbl | 1 Gobbl Cms | 2026-04-23 | N/A |
| admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok". | ||||
| CVE-2008-5964 | 1 Impresscms | 1 Impresscms | 2026-04-23 | N/A |
| Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-6118 | 1 Goople Cms | 1 Goople Cms | 2026-04-23 | N/A |
| win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1. | ||||
| CVE-2009-2382 | 1 Jay-jayx0r | 1 Phpmyblockchecker | 2026-04-23 | 9.8 Critical |
| admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN. | ||||