Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.
Max CVSS: 7.1 | EPSS Score: 0.04% | Published: 2005-12-31 | Updated: 2024-02-16
functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function.
Max CVSS: 7.5 | EPSS Score: 0.33% | Published: 2005-12-31 | Updated: 2008-09-05
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
Max CVSS: 4.0 | EPSS Score: 0.07% | Published: 2005-12-31 | Updated: 2019-07-31
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.
Max CVSS: 7.5 | EPSS Score: 1.38% | Published: 2005-12-05 | Updated: 2012-10-22
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.
Max CVSS: 5.0 | EPSS Score: 0.53% | Published: 2005-12-03 | Updated: 2019-07-16
phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized access via a direct request to the admin directory.
Max CVSS: 7.5 | EPSS Score: 1.27% | Published: 2005-09-14 | Updated: 2017-07-11
ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to log in to the modem with a blank password and gain unauthorized access.
Max CVSS: 7.5 | EPSS Score: 0.85% | Published: 2005-09-08 | Updated: 2016-10-18
B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg.
Max CVSS: 7.5 | EPSS Score: 1.13% | Published: 2005-08-03 | Updated: 2017-07-11
class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access.
Max CVSS: 7.5 | EPSS Score: 0.81% | Published: 2005-07-11 | Updated: 2016-10-18
mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action.
Max CVSS: 7.5 | EPSS Score: 1.17% | Published: 2005-06-12 | Updated: 2016-10-18
Unknown vulnerability in the web server for the ESS/Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access."
Max CVSS: 7.5 | EPSS Score: 0.59% | Published: 2005-06-13 | Updated: 2017-07-11
Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t.
Max CVSS: 7.5 | EPSS Score: 1.38% | Published: 2005-05-31 | Updated: 2016-10-18
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data.
Max CVSS: 7.1 | EPSS Score: 2.02% | Published: 2005-05-02 | Updated: 2017-10-11
Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."
Max CVSS: 4.6 | EPSS Score: 0.29% | Published: 2005-02-24 | Updated: 2017-10-11
Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources.
Max CVSS: 4.6 | EPSS Score: 0.97% | Published: 2005-05-02 | Updated: 2017-07-11
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.
Max CVSS: 10.0 | EPSS Score: 2.35% | Published: 2005-01-10 | Updated: 2018-10-30
16 vulnerabilities found