Export limit exceeded: 12696 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12696 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1409 1 Ulli Horlacher 1 Fex 2025-04-11 N/A
Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID.
CVE-2009-4927 1 Webmobo 1 Wbnews 2025-04-11 N/A
WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1.
CVE-2008-7263 1 G.rodola 1 Pyftpdlib 2025-04-11 N/A
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2012-4418 1 Apache 1 Axis2 2025-04-11 N/A
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
CVE-2013-2954 1 Ibm 1 Infosphere Optim Data Growth For Oracle E-business Suite 2025-04-11 N/A
The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2013-4316 2 Apache, Oracle 4 Struts, Flexcube Private Banking, Mysql Enterprise Monitor and 1 more 2025-04-11 N/A
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
CVE-2009-4929 1 Sweetphp 1 Totalcalender 2025-04-11 N/A
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.
CVE-2012-4446 2 Apache, Redhat 2 Qpid, Enterprise Mrg 2025-04-11 N/A
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
CVE-2013-5200 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.
CVE-2011-3997 1 Opengear 7 Acm5000 Console Server, Cm4000 Console Server, Im4004-5 Console Server and 4 more 2025-04-11 N/A
Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors.
CVE-2011-3297 1 Cisco 3 Catalyst 6500, Catalyst 7600, Firewall Services Module Software 2025-04-11 N/A
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697.
CVE-2011-1898 2 Citrix, Redhat 3 Xen, Enterprise Linux, Rhel Eus 2025-04-11 N/A
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
CVE-2012-2974 1 Smc 1 Smc8024l2 Switch 2025-04-11 N/A
The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/.
CVE-2011-2758 1 Ibm 1 Tivoli Directory Server 2025-04-11 N/A
IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL.
CVE-2009-5116 1 Mcafee 1 Linuxshield 2025-04-11 N/A
McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account.
CVE-2012-4926 1 Imgpals 1 Img Pals Photo Host 2025-04-11 N/A
approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1 (enable) action.
CVE-2013-7239 1 Memcached 1 Memcached 2025-04-11 N/A
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
CVE-2012-0400 1 Rsa 1 Envision 2025-04-11 N/A
EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2010-1040 1 Tejimaya 1 Openpne 2025-04-11 N/A
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
CVE-2013-6006 1 Cybozu 1 Garoon 2025-04-11 N/A
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.