Total
4274 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-0239 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | N/A |
| uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. | ||||
| CVE-2012-0062 | 1 Redhat | 1 Jboss Operations Network | 2025-04-11 | N/A |
| Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. | ||||
| CVE-2012-1123 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | N/A |
| The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password. | ||||
| CVE-2011-5253 | 1 Thegr | 1 Dl | 2025-04-11 | N/A |
| Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by supplying an authorization header. | ||||
| CVE-2011-5100 | 1 Mcafee | 1 Firewall Reporter | 2025-04-11 | N/A |
| The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. | ||||
| CVE-2011-5054 | 1 Kde | 1 Kcheckpass | 2025-04-11 | N/A |
| kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched." | ||||
| CVE-2011-4677 | 1 Oneclickorgs | 1 One Click Orgs | 2025-04-11 | N/A |
| One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | ||||
| CVE-2011-4590 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server. | ||||
| CVE-2011-4514 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | N/A |
| The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. | ||||
| CVE-2014-0722 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347. | ||||
| CVE-2012-5633 | 2 Apache, Redhat | 7 Cxf, Fuse Esb Enterprise, Jboss Enterprise Application Platform and 4 more | 2025-04-11 | N/A |
| The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. | ||||
| CVE-2011-4091 | 3 Armin Burgmeier, Opensuse, Oracle | 3 Net6, Opensuse, Solaris | 2025-04-11 | N/A |
| The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. | ||||
| CVE-2011-1766 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | N/A |
| includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation. | ||||
| CVE-2011-4022 | 1 Cisco | 1 Intrusion Prevention System | 2025-04-11 | N/A |
| The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204. | ||||
| CVE-2009-4808 | 1 Graugon | 1 Php Article Publisher | 2025-04-11 | N/A |
| admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1. | ||||
| CVE-2010-2927 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | N/A |
| The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts. | ||||
| CVE-2011-3297 | 1 Cisco | 3 Catalyst 6500, Catalyst 7600, Firewall Services Module Software | 2025-04-11 | N/A |
| Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697. | ||||
| CVE-2011-3298 | 1 Cisco | 6 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 and 3 more | 2025-04-11 | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before 8.2(5), 8.3 before 8.3(2.18), 8.4 before 8.4(1.10), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to bypass authentication via a crafted TACACS+ reply, aka Bug IDs CSCto40365 and CSCto74274. | ||||
| CVE-2009-4801 | 1 Will Kraft | 1 Ez-blog | 2025-04-11 | N/A |
| EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts. | ||||
| CVE-2012-5858 | 1 Samsung | 1 Kies Air | 2025-04-11 | N/A |
| Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address. | ||||