Vulnerabilities > Improper Authentication

DATE | CVE | VULNERABILITY TITLE | RISK

2007-05-02 | CVE-2007-1859 | Improper Authentication vulnerability in Xscreensaver 4.10 | 4.6
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.
Access: local | Complexity: low | Tags: redhat, xscreensaver, CWE-287

2007-04-25 | CVE-2007-2277 | Improper Authentication vulnerability in Plogger | 7.5
Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Access: network | Complexity: low | Tags: plogger, CWE-287

2007-04-25 | CVE-2007-2243 | Improper Authentication vulnerability in Openbsd Openssh | 5.0
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
Access: network | Complexity: low | Tags: openbsd, CWE-287

2007-04-11 | CVE-2007-1966 | Improper Authentication vulnerability in Exv2 Content Management System 2.0.4.3 | 5.0
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
Access: network | Complexity: low | Tags: exv2, CWE-287

2007-04-11 | CVE-2007-1953 | Improper Authentication vulnerability in Onelook Courts Online | 7.5
Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
Access: network | Complexity: low | Tags: onelook, CWE-287

2007-04-11 | CVE-2007-1952 | Improper Authentication vulnerability in Onelook Onebyone CMS | 7.5
Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
Access: network | Complexity: low | Tags: onelook, CWE-287

2007-04-11 | CVE-2007-1951 | Improper Authentication vulnerability in Onelook Oboshop | 7.5
Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
Access: network | Complexity: low | Tags: onelook, CWE-287

2007-04-11 | CVE-2007-1949 | Improper Authentication vulnerability in Webblizzard Content Management System | 7.5
Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
Access: network | Complexity: low | Tags: webblizzard, CWE-287

2007-03-16 | CVE-2007-1480 | Improper Authentication vulnerability in Creative Guestbook Creative Guestbook 1.0 | 7.5
Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set.
Access: network | Complexity: low | Tags: creative-guestbook, CWE-287

2007-03-02 | CVE-2007-1228 | Improper Authentication vulnerability in IBM DB2 8.2/9.0 | 4.4
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.
Access: local | Tags: ibm, unix, CWE-287