CVE & Exploit Intelligence Database

CVE-2009-0891 EPSS 0.00

The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.

CWE-287 Mar 25, 2009

CVE-2009-1050 1 PoC Analysis EPSS 0.03

Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.

CWE-287 Mar 24, 2009

CVE-2008-6455 EPSS 0.00

Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-287 Mar 13, 2009

CVE-2009-0085 EPSS 0.25

The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."

CWE-287 Mar 10, 2009

CVE-2009-0864 1 PoC Analysis EPSS 0.03

S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.

CWE-287 Mar 10, 2009

CVE-2009-0853 1 PoC Analysis EPSS 0.03

login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.

CWE-287 Mar 09, 2009

CVE-2008-6445 EPSS 0.00

Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information.

CWE-287 Mar 09, 2009

CVE-2008-6440 EPSS 0.00

Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.

CWE-287 Mar 06, 2009

CVE-2008-6411 1 PoC Analysis EPSS 0.02

Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1.

CWE-287 Mar 06, 2009

CVE-2008-6307 1 PoC Analysis EPSS 0.02

E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin."

CWE-287 Feb 26, 2009

CVE-2009-0614 EPSS 0.01

Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.

CWE-287 Feb 26, 2009

CVE-2008-6300 1 PoC Analysis EPSS 0.02

Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-287 Feb 26, 2009

CVE-2008-6269 1 PoC Analysis EPSS 0.02

Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.

CWE-287 Feb 25, 2009

CVE-2009-0440 EPSS 0.00

IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."

CWE-287 Feb 22, 2009

CVE-2009-0655 EPSS 0.00

Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.

CWE-287 Feb 20, 2009

CVE-2009-0653 EPSS 0.00

OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.

CWE-287 Feb 20, 2009

CVE-2009-0642 EPSS 0.01

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.

CWE-287 Feb 20, 2009

CVE-2008-6162 1 PoC Analysis EPSS 0.02

Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin.

CWE-287 Feb 20, 2009

CVE-2008-6143 1 PoC Analysis EPSS 0.01

OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie.

CWE-287 Feb 16, 2009

CVE-2008-6131 EPSS 0.01

Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

CWE-287 Feb 13, 2009