Lucene search
K

99 matches found

CVE
CVE
added 2005/02/20 5:0 a.m.43 views

CVE-2004-1605

SalesLogix 6.1 contains an authentication bypass vulnerability. An attacker can remotely bypass login by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator. The CVSS metrics indicate network access, low attack complexity, and no authentication required, with p...

7.5CVSS7.4AI score0.02118EPSS
Exploits1References7Affected Software2
Cvelist
Cvelist
added 2005/02/19 5:0 a.m.16 views

CVE-2004-1527

Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers ...

6.5AI score0.01351EPSS
Exploits0References5
CVE
CVE
added 2005/02/19 5:0 a.m.55 views

CVE-2004-1527

Microsoft Internet Explorer 6.0 SP1 is affected by a vulnerability in handling certain character strings in the Path attribute, which can allow a remote attacker to hijack sessions by causing cookies to be modified in other domains when the attacker’s domain name is contained in the target’s doma...

5CVSS6.9AI score0.01351EPSS
Exploits0References5
NVD
NVD
added 2004/11/23 5:0 a.m.17 views

CVE-2004-0249

PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID...

10CVSS6.9AI score0.04931EPSS
Exploits1References6
CVE
CVE
added 2004/09/01 4:0 a.m.55 views

CVE-2002-1112

CVE-2002-1112 : Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie used on the View Bugs page. Supported details indicate the issue affects Mantis versions up to 0.17.4; Debian advisories note fixes in 0.17.4a-2. No exploitation specif...

5CVSS6.9AI score0.0152EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2004/07/30 12:0 a.m.24 views

Linpha 0.9.4: authentication bypass

///////////////////////////////////////////////////// //// Vulnerable Program: Linpha //// //// Url: http://linpha.sf.net //// //// Version: 0.9.4 Latest version //// //// Date: Today, July 28 of 2004 //// //// Author: Fernando Quintero a.k.a nonroot //// Email: [email protected]...

0.1AI score
Exploits0
Cvelist
Cvelist
added 2004/03/18 5:0 a.m.17 views

CVE-2004-0249

PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID...

6.9AI score0.04931EPSS
Exploits1References6
NVD
NVD
added 2003/12/31 5:0 a.m.14 views

CVE-2003-1424

message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie...

6.8CVSS6.6AI score0.01052EPSS
Exploits0References2
CVE
CVE
added 2003/04/02 5:0 a.m.59 views

CVE-2002-0516

CVE-2002-0516 affects SquirrelMail 1.2.5 and earlier. Affected component: THEME cookie handling. Root cause: authenticated users can modify the THEME cookie to execute arbitrary commands. Impact is high (complete confidentiality, integrity, and availability) as per the cited report. No remediatio...

10CVSS7.6AI score0.10961EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.18 views

CVE-2002-0516

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie...

7.2AI score0.10961EPSS
Exploits1References4
NVD
NVD
added 2002/10/04 4:0 a.m.16 views

CVE-2002-1112

Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page...

5CVSS6.9AI score0.0152EPSS
Exploits0References5
securityvulns
securityvulns
added 2002/08/21 12:0 a.m.27 views

Mozilla FTP View Cross-Site Scripting Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 + Title: Mozilla FTP View Cross-Site Scripting Vulnerability + Date: 4 August 2002 + Author: Eiji James Yoshida [email protected] + Risk: Medium + Vulnerable: Windows2000 SP2 Mozilla 1.0 + Not vulnerable: Windows2000 SP2 Mozilla 1.1 Beta +...

0.5AI score
Exploits0
NVD
NVD
added 2002/08/12 4:0 a.m.10 views

CVE-2002-0522

ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie...

7.5CVSS7.2AI score0.01648EPSS
Exploits1References5
CVE
CVE
added 2002/06/25 4:0 a.m.49 views

CVE-2002-0097

CVE-2002-0097 affects Geeklog 1.3, where remote attackers can hijack user accounts (including the administrator) by modifying a user’s permanent cookie UID to the target account. The root cause is manipulating the UID in the persistent cookie to assume another user’s session. The available connec...

7.5CVSS6.7AI score0.01588EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.22 views

CVE-2002-0097

Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account...

6.6AI score0.01588EPSS
Exploits0References4
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.17 views

CVE-2002-0522

ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie...

7.2AI score0.01648EPSS
Exploits1References5
CVE
CVE
added 2002/06/11 4:0 a.m.52 views

CVE-2002-0522

ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie. The flaw is in how ASP-Nuke uses cookies for authentication, enabling cookie tampering to impersonate other users (including admin). Vendor patch status is not provided ...

7.5CVSS7.2AI score0.01648EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2002/03/25 5:0 a.m.12 views

CVE-2002-0097

Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account...

7.5CVSS6.7AI score0.01588EPSS
Exploits0References4
securityvulns
securityvulns
added 2002/01/11 12:0 a.m.45 views

Cookie modification allows unauthenticated user login in Geeklog 1.3

A major security vulnerability exists in Geeklog 1.3, released on December 30th, 2001. When permanent cookies are enabled, as they are in a stock install, Geeklog stores a user's UID in a cookie upon successful login. This cookie is subsequently used during future visits to the site to...

0.3AI score
Exploits0
Rows per page
Query Builder