Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-4830

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Apr, 2010 | 15:00
Updated At-16 Sep, 2024 | 23:01
Rejected At-
Credits

Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Apr, 2010 | 15:00
Updated At:16 Sep, 2024 | 23:01
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://osvdb.org/61300
vdb-entry
x_refsource_OSVDB
http://secunia.com/advisories/37914
third-party-advisory
x_refsource_SECUNIA
http://blog.openx.org/12/security-matters-2/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/37457
vdb-entry
x_refsource_BID
http://forum.openx.org/index.php?showtopic=503454011
x_refsource_MISC
Hyperlink: http://osvdb.org/61300
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/37914
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://blog.openx.org/12/security-matters-2/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/37457
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://forum.openx.org/index.php?showtopic=503454011
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://osvdb.org/61300
vdb-entry
x_refsource_OSVDB
x_transferred
http://secunia.com/advisories/37914
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://blog.openx.org/12/security-matters-2/
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/37457
vdb-entry
x_refsource_BID
x_transferred
http://forum.openx.org/index.php?showtopic=503454011
x_refsource_MISC
x_transferred
Hyperlink: http://osvdb.org/61300
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/37914
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://blog.openx.org/12/security-matters-2/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/37457
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://forum.openx.org/index.php?showtopic=503454011
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Apr, 2010 | 15:30
Updated At:11 Apr, 2025 | 00:51

Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
openx
openx
>>openx>>2.8.1
cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*
openx
openx
>>openx>>2.8.2
cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blog.openx.org/12/security-matters-2/cve@mitre.org
Patch
Vendor Advisory
http://forum.openx.org/index.php?showtopic=503454011cve@mitre.org
Patch
http://osvdb.org/61300cve@mitre.org
N/A
http://secunia.com/advisories/37914cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/37457cve@mitre.org
N/A
http://blog.openx.org/12/security-matters-2/af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://forum.openx.org/index.php?showtopic=503454011af854a3a-2127-422b-91ae-364da2661108
Patch
http://osvdb.org/61300af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/37914af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/37457af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://blog.openx.org/12/security-matters-2/
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://forum.openx.org/index.php?showtopic=503454011
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://osvdb.org/61300
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37914
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/37457
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://blog.openx.org/12/security-matters-2/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://forum.openx.org/index.php?showtopic=503454011
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://osvdb.org/61300
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/37914
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/37457
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

698Records found
CVE-2009-1854
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.44% / 79.94%
||
7 Day CHG~0.00%
Published-01 Jun, 2009 | 19:00
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1.

Action-Not Available
Vendor-cmsnxn/a
Product-million_dollar_text_linksn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-1638
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.63% / 85.13%
||
7 Day CHG~0.00%
Published-15 May, 2009 | 15:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login.

Action-Not Available
Vendor-t-dreamsn/a
Product-job_career_packagen/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-3601
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.73% / 90.09%
||
7 Day CHG-0.29%
Published-09 Feb, 2018 | 22:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-control_managerTrend Micro Control Manager
CWE ID-CWE-287
Improper Authentication
CVE-2020-8771
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-83.61% / 99.24%
||
7 Day CHG-1.41%
Published-06 Feb, 2020 | 16:27
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.

Action-Not Available
Vendor-wptimecapsulen/a
Product-wp_time_capsulen/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-9068
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.55%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 15:26
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar3200ar3200_firmwareAR3200
CWE ID-CWE-287
Improper Authentication
CVE-2009-2231
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.28% / 78.76%
||
7 Day CHG~0.00%
Published-26 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.

Action-Not Available
Vendor-mid.asn/a
Product-midasn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-3822
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 64.68%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 20:00
Updated-05 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account which an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw.

Action-Not Available
Vendor-Elasticsearch BV
Product-x-packX-Pack Security
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-1664
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.13% / 77.45%
||
7 Day CHG~0.00%
Published-17 May, 2009 | 16:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.

Action-Not Available
Vendor-easy-scriptsn/a
Product-answer_and_question_scriptn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-8606
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-9.8||CRITICAL
EPSS-88.83% / 99.49%
||
7 Day CHG~0.00%
Published-27 May, 2020 | 22:45
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-interscan_web_security_virtual_applianceTrend Micro InterScan Web Security Virtual Appliance
CWE ID-CWE-287
Improper Authentication
CVE-2009-2117
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.48% / 80.20%
||
7 Day CHG~0.00%
Published-18 Jun, 2009 | 21:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username.

Action-Not Available
Vendor-phportaln/a
Product-phportaln/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-9294
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-9.8||CRITICAL
EPSS-77.59% / 98.95%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 16:20
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortivoicefortimailFortiVoiceEnterpriseFortiMail
CWE ID-CWE-287
Improper Authentication
CVE-2018-21246
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.67% / 70.40%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 16:50
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.

Action-Not Available
Vendor-caddyservern/a
Product-caddyn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2410
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.24%
||
7 Day CHG~0.00%
Published-30 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with an arbitrary password, over an ssh connection.

Action-Not Available
Vendor-fedorahostedn/a
Product-sssdn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-21038
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 36.91%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 16:18
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-2449
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.6||HIGH
EPSS-1.30% / 78.94%
||
7 Day CHG~0.00%
Published-14 Aug, 2018 | 16:00
Updated-05 Aug, 2024 | 04:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying.

Action-Not Available
Vendor-SAP SE
Product-supplier_relationship_management_mdm_catalogSAP Supplier Relationship Management Master Data Management Catalog
CWE ID-CWE-287
Improper Authentication
CVE-2009-1619
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.77% / 81.88%
||
7 Day CHG~0.00%
Published-12 May, 2009 | 16:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.

Action-Not Available
Vendor-terawayn/a
Product-filestreamn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.07% / 83.21%
||
7 Day CHG~0.00%
Published-12 Jun, 2009 | 17:28
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request.

Action-Not Available
Vendor-grestuln/a
Product-grestuln/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-1618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.77% / 81.88%
||
7 Day CHG~0.00%
Published-12 May, 2009 | 16:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.

Action-Not Available
Vendor-terawayn/a
Product-livehelpn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2085
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.50%
||
7 Day CHG~0.00%
Published-13 Aug, 2009 | 18:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB).

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-20675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.19%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 00:00
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-822-usdir-850ldir-880ldir-850l_firmwaredir-822_firmwaredir-880l_firmwaredir-822dir-822-us_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2382
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.86% / 82.30%
||
7 Day CHG~0.00%
Published-08 Jul, 2009 | 15:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.

Action-Not Available
Vendor-jay-jayx0rn/a
Product-phpmyblockcheckern/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-7197
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.52% / 80.52%
||
7 Day CHG~0.00%
Published-26 Oct, 2020 | 15:09
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later.

Action-Not Available
Vendor-n/aHP Inc.
Product-storeserv_management_consoleHPE 3PAR StoreServ Management and Core Software Media
CWE ID-CWE-287
Improper Authentication
CVE-2018-19645
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.37%
||
7 Day CHG~0.00%
Published-12 Feb, 2019 | 20:00
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5

An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

Action-Not Available
Vendor-NetIQ eDirectoryMicro Focus International Limited
Product-solutions_business_managerNetIQ Access Manager (NAM)
CWE ID-CWE-287
Improper Authentication
CVE-2009-2088
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.08%
||
7 Day CHG~0.00%
Published-13 Aug, 2009 | 18:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.36%
||
7 Day CHG~0.00%
Published-05 Jul, 2009 | 16:00
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.

Action-Not Available
Vendor-max_kervinn/a
Product-kervinet_forumn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-19783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.66% / 90.01%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 19:09
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel.

Action-Not Available
Vendor-kentixn/a
Product-multisensor-lanmultisensor-lan_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6162
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.77% / 81.88%
||
7 Day CHG~0.00%
Published-18 Feb, 2009 | 17:00
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin.

Action-Not Available
Vendor-buxn/a
Product-bux.to_clone_scriptn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-7856
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.30%
||
7 Day CHG~0.00%
Published-20 Apr, 2021 | 12:02
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.

Action-Not Available
Vendor-cnestyCnesty
Product-helpcomHelpcom
CWE ID-CWE-287
Improper Authentication
CVE-2009-2168
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.10% / 77.18%
||
7 Day CHG~0.00%
Published-22 Jun, 2009 | 20:00
Updated-21 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.

Action-Not Available
Vendor-egyplusn/a
Product-7ammeln/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-6199
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 23.48%
||
7 Day CHG-0.00%
Published-06 Feb, 2018 | 16:00
Updated-05 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.

Action-Not Available
Vendor-sandstormn/a
Product-sandstormn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0653
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.85%
||
7 Day CHG~0.00%
Published-20 Feb, 2009 | 19:00
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.96%
||
7 Day CHG~0.00%
Published-07 Aug, 2009 | 19:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

Action-Not Available
Vendor-zopen/a
Product-zodbn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-5608
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-1.67% / 81.39%
||
7 Day CHG~0.00%
Published-05 Aug, 2020 | 13:13
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-b\/m9000cscentum_vp_firmwarecentum_cs_3000_firmwareb\/m9000vpcentum_vpcentum_cs_3000b\/m9000vp_firmwareb\/m9000cs_firmwareCAMS for HIS
CWE ID-CWE-287
Improper Authentication
CVE-2009-1050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.78% / 85.48%
||
7 Day CHG~0.00%
Published-24 Mar, 2009 | 14:00
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.

Action-Not Available
Vendor-kamadsn/a
Product-bloginatorn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-1489
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.00% / 82.92%
||
7 Day CHG~0.00%
Published-29 Apr, 2009 | 18:06
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.

Action-Not Available
Vendor-rens_rikkerinkn/a
Product-fungamezn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-1587
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.38% / 84.35%
||
7 Day CHG~0.00%
Published-07 May, 2009 | 23:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.

Action-Not Available
Vendor-kalptarudemosn/a
Product-php_site_lockn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0695
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-70.62% / 98.63%
||
7 Day CHG~0.00%
Published-19 Jun, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.

Action-Not Available
Vendor-n/aDell Inc.
Product-wyse_device_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-1122
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-91.01% / 99.62%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_serviceswindows_2000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-4879
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.91% / 74.84%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 17:20
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowscognos_controllerCognos Controller
CWE ID-CWE-287
Improper Authentication
CVE-2008-6862
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.40%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 14:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

Action-Not Available
Vendor-xiglan/a
Product-absolute_content_rotatorn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-7041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.77% / 81.88%
||
7 Day CHG~0.00%
Published-24 Aug, 2009 | 10:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.

Action-Not Available
Vendor-ajsquaren/a
Product-aj_classifiedsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0256
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-22 Jan, 2009 | 23:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.

Action-Not Available
Vendor-n/aTYPO3 Association
Product-typo3n/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6856
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.40%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 14:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

Action-Not Available
Vendor-xiglan/a
Product-absolute_news_manager.netn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0412
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.81%
||
7 Day CHG~0.00%
Published-03 Feb, 2009 | 20:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.

Action-Not Available
Vendor-interspiren/a
Product-shopping_cartn/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-6643
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.55%
||
7 Day CHG~0.00%
Published-16 Jan, 2014 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSEGoogle LLCApple Inc.Debian GNU/LinuxMicrosoft Corporation
Product-linux_kernelopensusechromewindowsdebian_linuxmac_os_xn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6919
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.00% / 82.92%
||
7 Day CHG~0.00%
Published-10 Aug, 2009 | 16:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin."

Action-Not Available
Vendor-taskdrivern/a
Product-taskdrivern/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6857
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.79% / 72.95%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 14:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

Action-Not Available
Vendor-xiglan/a
Product-absolute_podcast.netn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-7263
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.84%
||
7 Day CHG~0.00%
Published-19 Oct, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

Action-Not Available
Vendor-g.rodolan/a
Product-pyftpdlibn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6861
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.40%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 14:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

Action-Not Available
Vendor-xiglan/a
Product-absolute_newslettern/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.40%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 14:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

Action-Not Available
Vendor-xiglan/a
Product-absolute_banner_manager.netn/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 13
  • 14
  • Next
Details not found