Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2009-02-06 | CVE-2002-2427 | Improper Authentication vulnerability in Goahead Webserver 2.0/2.1 | The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. | network | low | goahead | CWE-287 | 5.0 |
| 2009-02-03 | CVE-2009-0412 | Improper Authentication vulnerability in Interspire Shopping Cart 4.0.1 | The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt. | network | low | interspire | CWE-287 | 7.5 |
| 2009-02-03 | CVE-2008-6039 | Improper Authentication vulnerability in Bluepage CMS 2.4.0 | Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | network | | bluepage | CWE-287 | 6.8 |
| 2009-01-30 | CVE-2008-5082 | Improper Authentication vulnerability in Redhat Dogtag Certificate System and Certificate System | The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key. | network | | redhat | CWE-287 | 6.0 |
| 2009-01-30 | CVE-2008-6009 | Improper Authentication vulnerability in SG Real Estate Portal SG Real Estate Portal 2.0 | SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1. | network | low | sg-real-estate-portal | CWE-287 | 7.5 |
| 2009-01-27 | CVE-2009-0280 | Improper Authentication vulnerability in Asp-Project 1.0 | Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1. | network | low | asp-project | CWE-287 | 7.5 |
| 2009-01-26 | CVE-2008-5967 | Improper Authentication vulnerability in PHPicalendar | admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root. | network | low | phpicalendar | CWE-287 | 7.5 |
| 2009-01-23 | CVE-2008-5964 | Improper Authentication vulnerability in Impresscms | Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | | | | | 6.8 |
| 2009-01-22 | CVE-2009-0256 | Improper Authentication vulnerability in Typo3 | Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication. | network | low | typo3 | CWE-287 | 7.5 |
| 2009-01-22 | CVE-2008-5945 | Improper Authentication vulnerability in Nukevietcms Nukeviet 2.0 | Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. | network | low | nukevietcms | CWE-287 | 7.5 |