webSPELL 4.0, and possibly later versions, allows remote malicious users to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
webspell webspell 4.0