Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.
Max CVSS: 7.5 | EPSS Score: 1.19% | Published: 2009-03-24 | Updated: 2017-09-29
The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.
Max CVSS: 5.5 | EPSS Score: 0.09% | Published: 2009-03-31 | Updated: 2017-08-17
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23), and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.
Max CVSS: 5.5 | EPSS Score: 0.15% | Published: 2009-03-25 | Updated: 2017-08-17
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
Max CVSS: 7.5 | EPSS Score: 0.65% | Published: 2009-03-10 | Updated: 2017-09-29
login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.
Max CVSS: 6.8 | EPSS Score: 0.65% | Published: 2009-03-09 | Updated: 2018-10-10
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
Max CVSS: 2.6 | EPSS Score: 0.79% | Published: 2009-03-27 | Updated: 2017-08-17
The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
Max CVSS: 7.1 | EPSS Score: 89.18% | Published: 2009-03-10 | Updated: 2023-12-07
Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page.
Max CVSS: 6.8 | EPSS Score: 1.55% | Published: 2009-03-31 | Updated: 2017-08-17
microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action.
Max CVSS: 7.5 | EPSS Score: 2.31% | Published: 2009-03-30 | Updated: 2017-09-29
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.
Max CVSS: 7.5 | EPSS Score: 0.65% | Published: 2009-03-25 | Updated: 2017-09-29
Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 6.8 | EPSS Score: 0.64% | Published: 2009-03-13 | Updated: 2017-08-17
Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information.
Max CVSS: 7.5 | EPSS Score: 0.42% | Published: 2009-03-09 | Updated: 2017-08-17
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.
Max CVSS: 5.0 | EPSS Score: 0.22% | Published: 2009-03-06 | Updated: 2009-03-10
Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1.
Max CVSS: 7.5 | EPSS Score: 1.66% | Published: 2009-03-06 | Updated: 2017-09-29
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."
Max CVSS: 3.5 | EPSS Score: 0.19% | Published: 2009-03-31 | Updated: 2017-08-17
15 vulnerabilities found