| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php. |
| Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. |
| E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin." |
| Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin. |
| OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie. |
| login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. |
| Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. |
| Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1. |
| phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie. |
| BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true. |
| Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. |
| The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. |
| Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information. |
| The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1. |
| PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies. |
| Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript. |
| changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords. |
| Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. |
