Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.
Max CVSS
7.5
EPSS Score
3.43%
Published
2009-12-29
Updated
2017-08-17
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.
Max CVSS
7.2
EPSS Score
0.09%
Published
2009-12-01
Updated
2024-01-16
myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.65%
Published
2009-11-29
Updated
2017-08-17
Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.
Max CVSS
7.5
EPSS Score
0.75%
Published
2009-11-18
Updated
2017-09-19
The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
Max CVSS
7.5
EPSS Score
0.56%
Published
2009-11-10
Updated
2017-08-17
The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request.
Max CVSS
7.8
EPSS Score
4.35%
Published
2009-10-30
Updated
2023-02-13
A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.18%
Published
2009-09-30
Updated
2009-10-01
login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Max CVSS
9.8
EPSS Score
1.66%
Published
2009-09-25
Updated
2024-02-13
update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.49%
Published
2009-09-18
Updated
2009-09-22
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
Max CVSS
9.3
EPSS Score
0.89%
Published
2009-09-17
Updated
2024-02-13
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
1.88%
Published
2009-09-10
Updated
2017-09-19
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.
Max CVSS
10.0
EPSS Score
92.97%
Published
2009-12-11
Updated
2018-10-10
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
Max CVSS
7.1
EPSS Score
0.31%
Published
2009-09-28
Updated
2017-08-17
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.
Max CVSS
7.5
EPSS Score
0.93%
Published
2009-07-28
Updated
2017-09-19
The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
Max CVSS
10.0
EPSS Score
45.63%
Published
2009-12-09
Updated
2023-12-07
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.
Max CVSS
9.8
EPSS Score
2.65%
Published
2009-07-10
Updated
2024-02-13
The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with an arbitrary password, over an ssh connection.
Max CVSS
7.5
EPSS Score
0.63%
Published
2009-07-30
Updated
2017-08-17
admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.
Max CVSS
9.8
EPSS Score
2.47%
Published
2009-07-08
Updated
2024-02-13
admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2009-07-05
Updated
2017-09-19
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.
Max CVSS
7.8
EPSS Score
0.69%
Published
2009-06-30
Updated
2018-10-10
The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.
Max CVSS
7.5
EPSS Score
2.04%
Published
2009-06-26
Updated
2017-09-19
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.
Max CVSS
7.5
EPSS Score
1.92%
Published
2009-06-26
Updated
2017-09-19
cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.
Max CVSS
9.8
EPSS Score
0.71%
Published
2009-06-22
Updated
2024-02-13
uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username.
Max CVSS
7.5
EPSS Score
1.12%
Published
2009-06-18
Updated
2017-09-29
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors.
Max CVSS
7.5
EPSS Score
0.39%
Published
2009-08-13
Updated
2017-08-17
116 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!