Export limit exceeded: 11560 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11560 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1515 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 High |
| Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. | ||||
| CVE-2001-1585 | 1 Openbsd | 1 Openssh | 2025-04-03 | N/A |
| SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. | ||||
| CVE-2003-0216 | 1 Cisco | 1 Catos | 2025-04-03 | N/A |
| Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | ||||
| CVE-2004-1760 | 2 Cisco, Ibm | 17 Call Manager, Conference Connection, Emergency Responder and 14 more | 2025-04-03 | N/A |
| The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. | ||||
| CVE-2004-2715 | 1 Php Heaven | 1 Phpmychat | 2025-04-03 | N/A |
| edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. | ||||
| CVE-2004-2724 | 1 Lionmax Software | 1 Chat Anywhere | 2025-04-03 | N/A |
| LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character. | ||||
| CVE-2004-2734 | 1 Novell | 1 Netware | 2025-04-03 | N/A |
| webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. | ||||
| CVE-2004-2736 | 1 Polar Software | 1 Helpdesk | 2025-04-03 | N/A |
| Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie. | ||||
| CVE-2006-0374 | 1 Advantage Century Telecommunication | 1 P202s | 2025-04-03 | N/A |
| Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513). | ||||
| CVE-2006-0416 | 1 Sleeperchat | 1 Sleeperchat | 2025-04-03 | N/A |
| SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php. | ||||
| CVE-2006-1228 | 1 Drupal | 1 Drupal | 2025-04-03 | N/A |
| Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier. | ||||
| CVE-2006-3583 | 1 Jetbox | 1 Jetbox Cms | 2025-04-03 | N/A |
| Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section. | ||||
| CVE-2006-4244 | 1 Sql-ledger | 1 Sql-ledger | 2025-04-03 | N/A |
| SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value. | ||||
| CVE-2002-2397 | 1 Symantec | 1 Sygate Personal Firewall | 2025-04-03 | N/A |
| Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | ||||
| CVE-2001-0537 | 1 Cisco | 1 Ios | 2025-04-03 | N/A |
| HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. | ||||
| CVE-2002-0507 | 2 Microsoft, Rsa | 2 Exchange Server, Securid | 2025-04-03 | N/A |
| An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. | ||||
| CVE-2002-0563 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2025-04-03 | N/A |
| The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes. | ||||
| CVE-2002-2279 | 1 Aldap | 1 Aldap | 2025-04-03 | N/A |
| Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions. | ||||
| CVE-2002-2323 | 1 Sun | 1 Solaris Pc Netlink | 2025-04-03 | 7.5 High |
| Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions. | ||||
| CVE-1999-0680 | 1 Microsoft | 1 Terminal Server | 2025-04-03 | N/A |
| Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. | ||||