Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-13 | CVE-2008-6131 | Improper Authentication vulnerability in Mozilo Mozilowiki<br>Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 6.0 |
2009-02-13 | CVE-2008-6128 | Improper Authentication vulnerability in Mozilo Mozilocms<br>Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 6.8 |
2009-02-13 | CVE-2009-0360 | Improper Authentication vulnerability in Eyrie Pam-Krb5<br>Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application. | 6.2 |
2009-02-13 | CVE-2009-0362 | Improper Authentication vulnerability in Fail2Ban 0.8.3<br>filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321. | 4.0 |
2009-02-13 | CVE-2009-0138 | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server<br>servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration. | 10.0 |
2009-02-11 | CVE-2008-6118 | Improper Authentication vulnerability in Goople CMS Goople CMS 1.7<br>win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1. | 7.5 |
2009-02-10 | CVE-2009-0461 | Improper Authentication vulnerability in Wholehogsoftware Password Protect 1.0<br>Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | 7.5 |
2009-02-10 | CVE-2009-0460 | Improper Authentication vulnerability in Wholehogsoftware Ware Support 1.0<br>Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | 7.5 |
2009-02-10 | CVE-2009-0492 | Improper Authentication vulnerability in Simpleircbot 1.0<br>Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability." | 10.0 |
2009-02-09 | CVE-2008-6092 | Improper Authentication vulnerability in PHPscripts Ranking-Script<br>phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie. | 7.5 |