Export limit exceeded: 14253 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10877 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10877 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6445 | 1 Yourplace | 1 Yourplace | 2025-04-09 | N/A |
| Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1549 | 1 Agtc | 1 Agtc Myshop | 2025-04-09 | N/A |
| AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto." | ||||
| CVE-2008-7179 | 1 Otmanager | 1 Otmanager Cms | 2025-04-09 | N/A |
| OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php. | ||||
| CVE-2008-6440 | 2 Cerberus, Webgroupmedia | 2 Cerberus Helpdesk, Cerberus Helpdesk | 2025-04-09 | N/A |
| Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs. | ||||
| CVE-2009-0021 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2025-04-09 | N/A |
| NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2008-6411 | 1 Explay | 1 Explay Cms | 2025-04-09 | N/A |
| Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1. | ||||
| CVE-2007-5162 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2025-04-09 | N/A |
| The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. | ||||
| CVE-2009-0642 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2025-04-09 | N/A |
| ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. | ||||
| CVE-2008-5721 | 1 Sapporoworks | 1 Blackjumbodog | 2025-04-09 | N/A |
| SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors. | ||||
| CVE-2009-0614 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2025-04-09 | N/A |
| Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. | ||||
| CVE-2008-5686 | 1 Ibm | 1 Tivoli Provisioning Manager | 2025-04-09 | N/A |
| IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows. | ||||
| CVE-2009-0655 | 1 Lenovo | 1 Veriface | 2025-04-09 | N/A |
| Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user. | ||||
| CVE-2009-0591 | 1 Openssl | 1 Openssl | 2025-04-09 | N/A |
| The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. | ||||
| CVE-2008-4752 | 1 Tech Logic | 1 Tlnews | 2025-04-09 | N/A |
| TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin. | ||||
| CVE-2009-0051 | 1 Zxid | 1 Zxid | 2025-04-09 | N/A |
| ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2009-0049 | 1 Eid | 1 Eidlib | 2025-04-09 | N/A |
| Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2009-0048 | 1 Openevidence | 1 Openevidence | 2025-04-09 | N/A |
| OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2007-5791 | 1 Vonage | 1 Motorola Phone Adapter Vt2142-vd | 2025-04-09 | N/A |
| The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content. | ||||
| CVE-2002-2427 | 1 Goahead | 1 Goahead Webserver | 2025-04-09 | N/A |
| The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. | ||||
| CVE-2009-0047 | 1 Gale | 1 Gale | 2025-04-09 | N/A |
| Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | ||||