CVE & Exploit Intelligence Database

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked 53,271 with exploits 4,730 exploited in wild 1,542 CISA KEV 3,929 Nuclei templates 37,826 vendors 42,547 researchers

4,085 results Clear all

CVE-2007-4043 9.8 CRITICAL EPSS 0.01

Secure Computing SecurityReporter <4.6.3 - Auth Bypass

file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.

CWE-287 Jul 27, 2007

CVE-2007-3988 EPSS 0.01

Virtual Hosting Control System < 2.4.7.1 - Authentication Bypass

Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

CWE-287 Jul 25, 2007

CVE-2007-3597 EPSS 0.02

Zen Cart < 1.3.7 - Authentication Bypass

Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.

CWE-287 Jul 06, 2007

CVE-2007-3184 EPSS 0.00

Apple Mac OS X - Authentication Bypass

Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.

CWE-287 Jun 12, 2007

CVE-2007-3177 EPSS 0.01

Ingate Firewall < 4.5.1 - Authentication Bypass

Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter.

CWE-287 Jun 11, 2007

CVE-2007-3050 EPSS 0.01

Chameleon Cms < 3.0 - Authentication Bypass

Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

CWE-287 Jun 06, 2007

CVE-2007-2719 EPSS 0.07

HP Systems Insight Manager <5.0 SP5 - Info Disclosure

Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.

CWE-287 May 16, 2007

CVE-2007-2555 EPSS 0.00

Podium CMS - XSS

Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS).

CWE-287 May 09, 2007

CVE-2007-2546 EPSS 0.01

Simple Machines Forum <1.1.2 - Info Disclosure

Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

CWE-287 May 09, 2007

CVE-2007-1859 EPSS 0.00

Xscreensaver - Authentication Bypass

XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.

CWE-287 May 02, 2007

CVE-2007-2277 EPSS 0.01

Plogger - Authentication Bypass

Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

CWE-287 Apr 25, 2007

CVE-2007-2243 EPSS 0.00

Openbsd Openssh - Authentication Bypass

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

CWE-287 Apr 25, 2007

CVE-2007-1966 9.1 CRITICAL EPSS 0.00

Exv2 Content Management System - Authentication Bypass

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

CWE-287 Apr 11, 2007

CVE-2007-1952 EPSS 0.01

Onelook Onebyone Cms - Authentication Bypass

Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

CWE-287 Apr 11, 2007

CVE-2007-1953 EPSS 0.01

Onelook Courts Online - Authentication Bypass

Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

CWE-287 Apr 11, 2007

CVE-2007-1949 EPSS 0.01

Webblizzard Content Management System - Authentication Bypass

Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

CWE-287 Apr 11, 2007

CVE-2007-1951 EPSS 0.01

Onelook Oboshop - Authentication Bypass

Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

CWE-287 Apr 11, 2007

CVE-2007-1480 1 PoC Analysis EPSS 0.07

Creative Guestbook - Authentication Bypass

Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set.

CWE-287 Mar 16, 2007

CVE-2007-1228 EPSS 0.00

IBM DB2 UDB <8.2-9 - Info Disclosure

IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.

CWE-287 Mar 02, 2007

CVE-2007-1160 EPSS 0.01

webSPELL 4.0 - Auth Bypass

webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.

CWE-287 Mar 02, 2007