Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-02-26 | CVE-2008-6307 | Improper Authentication vulnerability in E-Topbiz Link Back Checker 1 | E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin." | 7.5 |
2009-02-26 | CVE-2009-0614 | Improper Authentication vulnerability in Cisco Unified Meetingplace web Conferencing 7.0(1) | Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. | 9.0 |
2009-02-26 | CVE-2008-6300 | Improper Authentication vulnerability in GWM Galatolo Webmanager 1.3A | Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. | 7.5 |
2009-02-25 | CVE-2008-6269 | Improper Authentication vulnerability in Joovili 3.1.4 | Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users. | 7.5 |
2009-02-22 | CVE-2009-0440 | Improper Authentication vulnerability in IBM Websphere Partner Gateway | IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print." | 6.5 |
2009-02-20 | CVE-2009-0655 | Improper Authentication vulnerability in Lenovo Veriface III | Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user. | 6.9 |
2009-02-20 | CVE-2009-0653 | Improper Authentication vulnerability in Openssl 0.9.6 | OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970. | 7.5 |
2009-02-20 | CVE-2009-0642 | Improper Authentication vulnerability in Ruby-Lang Ruby 1.8/1.9 | ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. | 6.8 |
2009-02-20 | CVE-2008-6162 | Improper Authentication vulnerability in BUX Bux.To Clone Script | Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin. | 7.5 |
2009-02-16 | CVE-2008-6143 | Improper Authentication vulnerability in Owentechkenya Owenpoll 1.0 | OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie. | 7.5 |