Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-08-08 | CVE-2007-4203 | Improper Authentication vulnerability in Mambo Open Source 4.6.2 Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. | 9.3 |
| 2007-07-27 | CVE-2007-4043 | Improper Authentication vulnerability in Securecomputing Securityreporter 4.2.30/4.6.3 file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. | 5.0 |
| 2007-07-25 | CVE-2007-3988 | Improper Authentication vulnerability in Virtual Hosting Control System Virtual Hosting Control System Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 6.8 |
| 2007-07-06 | CVE-2007-3597 | Improper Authentication vulnerability in ZEN Cart ZEN Cart Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. | 8.5 |
| 2007-06-12 | CVE-2007-3184 | Improper Authentication vulnerability in Apple mac OS X Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. | 7.2 |
| 2007-06-11 | CVE-2007-3177 | Improper Authentication vulnerability in Ingate Firewall and Ingate Siparator Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. | 5.0 |
| 2007-06-06 | CVE-2007-3050 | Improper Authentication vulnerability in Chameleon CMS Chameleon CMS Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 7.5 |
| 2007-05-16 | CVE-2007-2719 | Improper Authentication vulnerability in HP Systems Insight Manager 4.2/5.0 Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie. | 10.0 |
| 2007-05-09 | CVE-2007-2555 | Improper Authentication vulnerability in Podium CMS Podium CMS Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS). | 4.3 |
| 2007-05-09 | CVE-2007-2546 | Improper Authentication vulnerability in Simple Machines Simple Machines Forum Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 6.8 |