Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-14 | CVE-2009-1629 | Improper Authentication vulnerability in Antony Lesuisse Ajaxterm: ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack. | 6.8 |
2009-05-14 | CVE-2009-1580 | Improper Authentication vulnerability in Squirrelmail: Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. | 5.8 |
2009-05-12 | CVE-2009-1619 | Improper Authentication vulnerability in Teraway Filestream 1.0: Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1. | 7.5 |
2009-05-12 | CVE-2009-1618 | Improper Authentication vulnerability in Teraway Livehelp 2.0: Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie. | 7.5 |
2009-05-12 | CVE-2009-1617 | Improper Authentication vulnerability in Teraway Linktracker 1.0: Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie. | 7.5 |
2009-05-11 | CVE-2009-1596 | Improper Authentication vulnerability in Igniterealtime Openfire: Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet. | 6.5 |
2009-05-11 | CVE-2009-1595 | Improper Authentication vulnerability in Igniterealtime Openfire: The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action. | 4.0 |
2009-05-07 | CVE-2009-1587 | Improper Authentication vulnerability in Kalptarudemos PHP Site Lock 2.0: index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values. | 7.5 |
2009-05-06 | CVE-2009-1549 | Improper Authentication vulnerability in Agtc Myshop 3.2B: AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access by setting the log_accept cookie to "correcto". | 7.5 |
2009-05-01 | CVE-2009-1504 | Improper Authentication vulnerability in Xigla Absolute Control Panel XE 1.5: Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1". | 7.5 |