Search Results (12685 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4731 1 Choice-wireless 1 Wixfmr-111 2025-04-11 N/A
ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tag_ipPing request, a different vulnerability than CVE-2013-3581.
CVE-2013-3659 1 Nttdocomo 1 Overseas Usage 2025-04-11 N/A
The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area.
CVE-2012-2606 1 Bradfordnetworks 2 Network Sentry Appliance, Network Sentry Appliance Software 2025-04-11 N/A
The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack.
CVE-2013-3610 1 Asus 2 Rt-n10e, Rt-n10e Firmware 2025-04-11 N/A
qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.
CVE-2012-2626 1 Sonicwall 1 Scrutinizer 2025-04-11 N/A
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
CVE-2010-2927 1 Ibm 1 Tivoli Directory Server 2025-04-11 N/A
The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts.
CVE-2010-2944 1 Jens Vagelpohl 1 Zope-ldapuserfolder 2025-04-11 N/A
The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges.
CVE-2009-4657 1 Omidrouhani 1 Xerver 2025-04-11 N/A
The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
CVE-2012-0240 1 Advantech 1 Advantech Webaccess 2025-04-11 N/A
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-4316 2 Apache, Oracle 4 Struts, Flexcube Private Banking, Mysql Enterprise Monitor and 1 more 2025-04-11 N/A
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
CVE-2009-5077 1 Creloaded 1 Cre Loaded 2025-04-11 N/A
CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php.
CVE-2014-0015 2 Haxx, Redhat 3 Curl, Libcurl, Enterprise Linux 2025-04-11 N/A
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
CVE-2009-5076 1 Creloaded 1 Cre Loaded 2025-04-11 N/A
CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with (1) login.php or (2) password_forgotten.php appended as the PATH_INFO, which bypasses a check that uses PHP_SELF, which is not properly handled by (a) includes/application_top.php and (b) admin/includes/application_top.php, as exploited in the wild in 2009.
CVE-2009-4806 1 Digitalinterchange 1 Digital Interchange Document Library 2025-04-11 N/A
admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2011-5100 1 Mcafee 1 Firewall Reporter 2025-04-11 N/A
The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request.
CVE-2010-4179 1 Redhat 1 Enterprise Mrg 2025-04-11 N/A
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins.
CVE-2013-6171 1 Dovecot 1 Dovecot 2025-04-11 N/A
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
CVE-2011-5063 2 Apache, Redhat 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more 2025-04-11 N/A
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
CVE-2010-4170 2 Redhat, Systemtap 2 Enterprise Linux, Systemtap 2025-04-11 N/A
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
CVE-2011-2528 2 Plone, Zope 3 Plone, Plone Hotfix 20110720, Zope 2025-04-11 N/A
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.