Search Results (12671 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0239 1 Advantech 1 Advantech Webaccess 2025-04-11 N/A
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.
CVE-2012-0301 1 Symantec 1 Message Filter 2025-04-11 N/A
Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2012-0333 1 Cisco 2 Small Business Ip Phone, Small Business Ip Phone Firmware 2025-04-11 N/A
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
CVE-2012-0675 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.
CVE-2012-0944 2 Canonical, Sebastian Heinlein 2 Ubuntu Linux, Aptdaemon 2025-04-11 N/A
Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.
CVE-2012-5858 1 Samsung 1 Kies Air 2025-04-11 N/A
Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address.
CVE-2012-1327 1 Cisco 1 Ios 2025-04-11 N/A
dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391.
CVE-2012-5930 1 Microfocus 1 Privileged User Manager 2025-04-11 N/A
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.
CVE-2012-1602 1 Nextbbs 1 Nextbbs 2025-04-11 N/A
user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1.
CVE-2012-6354 1 Ibm 2 San Volume Controller Software, Storwize V7000 2025-04-11 N/A
The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets.
CVE-2012-1808 1 Koyo 8 H0-ecom, H0-ecom100, H2-ecom and 5 more 2025-04-11 N/A
The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors.
CVE-2012-1840 1 Ajaxplorer 1 Ajaxplorer 2025-04-11 N/A
AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash.
CVE-2012-2281 1 Rsa 2 Access Manager Agent, Access Manager Server 2025-04-11 N/A
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors.
CVE-2012-2377 1 Redhat 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more 2025-04-11 N/A
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.
CVE-2012-2414 1 Asterisk 1 Open Source 2025-04-11 N/A
main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
CVE-2012-2437 1 Awcm-cms 1 Ar Web Content Manager 2025-04-11 N/A
cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.
CVE-2012-2498 1 Cisco 1 Anyconnect Secure Mobility Client 2025-04-11 N/A
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.
CVE-2012-2606 1 Bradfordnetworks 2 Network Sentry Appliance, Network Sentry Appliance Software 2025-04-11 N/A
The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack.
CVE-2012-2626 1 Sonicwall 1 Scrutinizer 2025-04-11 N/A
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
CVE-2012-2963 1 Breakingpointsystems 2 Breakingpoint Storm Appliance, Breakingpoint Storm Appliance Ctm 2025-04-11 N/A
The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file.