99 matches found
CVE-2004-1605
SalesLogix 6.1 contains an authentication bypass vulnerability. An attacker can remotely bypass login by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator. The CVSS metrics indicate network access, low attack complexity, and no authentication required, with p...
CVE-2004-1527
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers ...
CVE-2004-1527
Microsoft Internet Explorer 6.0 SP1 is affected by a vulnerability in handling certain character strings in the Path attribute, which can allow a remote attacker to hijack sessions by causing cookies to be modified in other domains when the attacker’s domain name is contained in the target’s doma...
CVE-2004-0249
PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID...
CVE-2002-1112
CVE-2002-1112 : Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie used on the View Bugs page. Supported details indicate the issue affects Mantis versions up to 0.17.4; Debian advisories note fixes in 0.17.4a-2. No exploitation specif...
Linpha 0.9.4: authentication bypass
///////////////////////////////////////////////////// //// Vulnerable Program: Linpha //// //// Url: http://linpha.sf.net //// //// Version: 0.9.4 Latest version //// //// Date: Today, July 28 of 2004 //// //// Author: Fernando Quintero a.k.a nonroot //// Email: [email protected]...
CVE-2004-0249
PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID...
CVE-2003-1424
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie...
CVE-2002-0516
CVE-2002-0516 affects SquirrelMail 1.2.5 and earlier. Affected component: THEME cookie handling. Root cause: authenticated users can modify the THEME cookie to execute arbitrary commands. Impact is high (complete confidentiality, integrity, and availability) as per the cited report. No remediatio...
CVE-2002-0516
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie...
CVE-2002-1112
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page...
Mozilla FTP View Cross-Site Scripting Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 + Title: Mozilla FTP View Cross-Site Scripting Vulnerability + Date: 4 August 2002 + Author: Eiji James Yoshida [email protected] + Risk: Medium + Vulnerable: Windows2000 SP2 Mozilla 1.0 + Not vulnerable: Windows2000 SP2 Mozilla 1.1 Beta +...
CVE-2002-0522
ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie...
CVE-2002-0097
CVE-2002-0097 affects Geeklog 1.3, where remote attackers can hijack user accounts (including the administrator) by modifying a user’s permanent cookie UID to the target account. The root cause is manipulating the UID in the persistent cookie to assume another user’s session. The available connec...
CVE-2002-0097
Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account...
CVE-2002-0522
ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie...
CVE-2002-0522
ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie. The flaw is in how ASP-Nuke uses cookies for authentication, enabling cookie tampering to impersonate other users (including admin). Vendor patch status is not provided ...
CVE-2002-0097
Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account...
Cookie modification allows unauthenticated user login in Geeklog 1.3
A major security vulnerability exists in Geeklog 1.3, released on December 30th, 2001. When permanent cookies are enabled, as they are in a stock install, Geeklog stores a user's UID in a cookie upon successful login. This cookie is subsequently used during future visits to the site to...