High
CVE-2008-6009
SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1.
Tag: Unauthenticated/Unauthorized Access
All CVEs associated with "Unauthenticated/Unauthorized Access". Page 124/128 • 15317 CVEs.
Subscribe CVEs: RSS for “Unauthenticated/Unauthorized Access” · RSS (High+Critical only)
About “Unauthenticated/Unauthorized Access”
A curated feed of “Unauthenticated/Unauthorized Access”-related CVEs appears below. We currently track 15317 CVEs for this tag (all time). In the last 365 days, 3826 were published. Average CVSS is 7.4 (all time; 7.4 over 365d), and 61% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-306 - Missing Authentication for Critical Function, CWE-639 - Authorization Bypass Through User-Controlled Key.
In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2009-01-30
2009-01-28
High
CVE-2008-6001
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field…
2009-01-27
High
CVE-2009-0280
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.
2009-01-22
High
CVE-2008-5945
Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details ar…
2009-01-09
High
CVE-2009-0108
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAM…
2009-01-08
High
CVE-2008-5880
admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".
High
CVE-2008-5873
Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username.
2009-01-05
High
CVE-2008-5840
PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1.
2008-12-31
Critical
CVE-2008-5784
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
High
CVE-2008-5783
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
2008-12-26
High
CVE-2008-5738
Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obt…
Medium
CVE-2008-5721
SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors.
2008-12-19
Medium
CVE-2008-5692
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp foll…
2008-12-17
Critical
CVE-2008-4223
Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.
2008-12-15
High
CVE-2008-5576
admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter.
2008-12-12
High
CVE-2008-5497
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.
2008-12-10
Critical
CVE-2008-5407
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 221…
2008-12-01
Medium
CVE-2008-5296
Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of…
2008-11-18
High
CVE-2008-5158
Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage."
Medium
CVE-2008-5125
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
2008-11-13
High
CVE-2008-5065
TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.
2008-11-12
High
CVE-2008-5042
Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.
High
CVE-2008-5040
Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.
2008-11-04
High
CVE-2008-4921
board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. NOTE: some of these details are obtained from thi…
Medium
CVE-2008-4413
Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 and B.11.23, and SMH 2.2.6 and 2.2.8 and earlier on HP-UX B.11.23 and B.11.31, allows local users t…
2008-11-01
Medium
CVE-2008-4875
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (d…
2008-10-29
High
CVE-2008-4784
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php…
High
CVE-2008-4783
tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin."
2008-10-27
High
CVE-2008-4752
TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin.
2008-10-23
High
CVE-2008-4721
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."
High
CVE-2008-4714
Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative ac…
High
CVE-2008-4708
BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1.
2008-10-21
High
CVE-2008-4622
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.
2008-10-18
High
CVE-2008-4600
configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie.
2008-10-15
Critical
CVE-2008-3466
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary progra…
2008-10-14
Medium
CVE-2008-2625
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors…
2008-10-09
High
CVE-2008-4515
Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3)…
2008-10-08
Medium
CVE-2008-3814
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote…
2008-09-30
High
CVE-2008-4341
add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin.
High
CVE-2008-4334
PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1.
2008-09-29
Medium
CVE-2008-4319
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrar…
2008-09-25
High
CVE-2008-4244
Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1.
2008-09-16
Medium
CVE-2008-3611
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attac…
2008-09-15
High
CVE-2008-4081
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.
2008-08-20
High
CVE-2008-3729
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin…
2008-08-12
High
CVE-2008-3602
admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
2008-08-08
High
CVE-2008-3557
Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies.
2008-08-07
Medium
CVE-2008-3508
LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie.
2008-08-04
High
CVE-2008-3454
JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.
High
CVE-2008-3423
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.
2008-07-31
Medium
CVE-2008-3407
phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie.
2008-07-30
High
CVE-2008-3375
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized da…
2008-07-25
High
CVE-2008-3317
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
High
CVE-2008-3318
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.
High
CVE-2008-3319
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.
High
CVE-2008-3320
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
High
CVE-2008-3321
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.
High
CVE-2008-3322
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
High
CVE-2008-3299
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the deta…
High
CVE-2008-3300
AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown;…
Medium
CVE-2008-3303
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin…
2008-07-24
Medium
CVE-2008-3292
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
2008-07-18
High
CVE-2008-3211
Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1.
2008-06-26
Medium
CVE-2008-2062
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authenticati…
Medium
CVE-2008-2730
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication,…
2008-06-16
Critical
CVE-2008-2705
Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to…
2008-06-12
High
CVE-2008-2682
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserNam…
2008-06-09
High
CVE-2008-1106
The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spo…
2008-06-04
High
CVE-2008-2406
The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.
2008-06-03
Medium
CVE-2008-0169
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured…
Medium
CVE-2008-2524
BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.
Critical
CVE-2008-2528
Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network re…
2008-05-20
High
CVE-2008-2346
AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php.
2008-05-18
High
CVE-2008-2282
admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true.
High
CVE-2008-2293
admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1.
High
CVE-2008-2297
The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably…
High
CVE-2008-2298
Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.
2008-05-16
High
CVE-2008-2269
AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE.
2008-05-01
High
CVE-2008-2044
includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authenticati…
2008-04-17
Medium
CVE-2007-6714
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which caus…
2008-04-14
Critical
CVE-2008-0961
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.
2008-04-04
High
CVE-2008-0555
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow rem…
2008-03-31
High
CVE-2008-0706
Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an a…
2008-03-28
High
CVE-2008-0926
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication v…
2008-03-17
Medium
CVE-2008-1356
Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors t…
2008-03-13
High
CVE-2008-1334
cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end…
2008-03-10
Critical
CVE-2008-1242
The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session f…
Critical
CVE-2008-1255
The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously…
Critical
CVE-2008-1259
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP…
2008-02-22
Medium
CVE-2008-0895
BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.
2008-01-22
Critical
CVE-2008-0377
MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.
2008-01-16
Medium
CVE-2008-0293
Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vector…
2008-01-10
Medium
CVE-2008-0210
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 param…
2008-01-09
Medium
CVE-2008-0150
Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypas…
2007-12-20
Medium
CVE-2007-6430
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host…
2007-12-17
High
CVE-2007-6414
admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credent…
Medium
CVE-2007-6398
Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie.
2007-12-04
High
CVE-2007-6226
The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login acces…
Critical
CVE-2007-6234
index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.
2007-11-27
Medium
CVE-2007-6145
Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors.
2007-11-19
Critical
CVE-2007-6013
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then gen…
2007-11-16
Critical
CVE-2007-6011
Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: th…
2007-11-10
Medium
CVE-2007-5920
index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can…
2007-11-06
High
CVE-2007-5845
Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE:…
2007-11-03
High
CVE-2007-5797
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username…
2007-10-18
High
CVE-2007-5578
Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qr…
2007-10-12
High
CVE-2007-5431
include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the…
Critical
CVE-2007-5383
The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors i…
Medium
CVE-2007-5384
Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as a…
2007-09-26
Medium
CVE-2007-5113
report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profil…
Medium
CVE-2007-5085
Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vecto…
2007-09-05
High
CVE-2007-4723
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a…
2007-08-31
Medium
CVE-2007-4632
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabl…
2007-08-27
Critical
CVE-2007-4548
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, depl…
2007-08-16
Medium
CVE-2007-4373
The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes.
2007-07-27
Critical
CVE-2007-4043
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE…
2007-07-25
Medium
CVE-2007-3986
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a…
Medium
CVE-2007-3964
Itaka before 0.2.1, when using Authentication mode, allows remote attackers to bypass authentication and obtain sensitive information by downloading screenshots via a direct request for /screenshot.
2007-07-23
Medium
CVE-2007-3945
Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication cont…
2007-07-19
Critical
CVE-2007-3907
Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involv…