A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 7.5 | EPSS Score: 0.18% | Published: 2009-09-30 | Updated: 2009-10-01
Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php.
Max CVSS: 5.0 | EPSS Score: 0.29% | Published: 2009-09-28 | Updated: 2018-10-10
login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Max CVSS: 6.8 | EPSS Score: 1.66% | Published: 2009-09-25 | Updated: 2017-09-19
login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Max CVSS: 6.8 | EPSS Score: 1.56% | Published: 2009-09-25 | Updated: 2017-09-19
login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Max CVSS: 9.8 | EPSS Score: 1.66% | Published: 2009-09-25 | Updated: 2024-02-13
update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.49% | Published: 2009-09-18 | Updated: 2009-09-22
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
Max CVSS: 9.3 | EPSS Score: 0.89% | Published: 2009-09-17 | Updated: 2024-02-13
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
Max CVSS: 6.8 | EPSS Score: 1.42% | Published: 2009-09-17 | Updated: 2024-02-13
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information.
Max CVSS: 7.5 | EPSS Score: 1.88% | Published: 2009-09-10 | Updated: 2017-09-19
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.
Max CVSS: 4.8 | EPSS Score: 0.17% | Published: 2009-09-08 | Updated: 2024-02-13
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
Max CVSS: 7.1 | EPSS Score: 0.31% | Published: 2009-09-28 | Updated: 2017-08-17
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
Max CVSS: 6.8 | EPSS Score: 1.06% | Published: 2009-09-04 | Updated: 2017-09-19
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.
Max CVSS: 7.5 | EPSS Score: 0.87% | Published: 2009-09-08 | Updated: 2017-09-29
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.
Max CVSS: 6.8 | EPSS Score: 0.65% | Published: 2009-09-02 | Updated: 2017-09-29
14 vulnerabilities found