Total: 3218 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1134 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.1 HIGH | N/A |
The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920. | |||||
CVE-2013-6828 | 1 Pineapp | 1 Mail-secure | 2023-12-10 | 6.4 MEDIUM | N/A |
admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter. | |||||
CVE-2013-1443 | 1 Djangoproject | 1 Django | 2023-12-10 | 5.0 MEDIUM | N/A |
The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed. | |||||
CVE-2012-6440 | 1 Rockwellautomation | 17 1756-enbt, 1756-eweb, 1768-enbt and 14 more | 2023-12-10 | 9.3 HIGH | N/A |
The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows man-in-the-middle attackers to conduct replay attacks via HTTP traffic. | |||||
CVE-2013-6890 | 3 Debian, Fedoraproject, Phil Schwartz | 3 Debian Linux, Fedora, Denyhosts | 2023-12-10 | 5.0 MEDIUM | N/A |
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. | |||||
CVE-2011-5100 | 1 Mcafee | 1 Firewall Reporter | 2023-12-10 | 7.5 HIGH | N/A |
The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. | |||||
CVE-2013-4782 | 1 Supermicro | 1 Bmc | 2023-12-10 | 10.0 HIGH | N/A |
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | |||||
CVE-2012-1808 | 1 Koyo | 8 H0-ecom, H0-ecom100, H2-ecom and 5 more | 2023-12-10 | 10.0 HIGH | N/A |
The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors. | |||||
CVE-2012-1145 | 1 Redhat | 2 Enterprise Linux, Satellite | 2023-12-10 | 5.0 MEDIUM | N/A |
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads. | |||||
CVE-2012-4021 | 1 Mosp | 1 Kintai Kanri | 2023-12-10 | 5.5 MEDIUM | N/A |
MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors. | |||||
CVE-2013-4877 | 1 Verizon | 1 Wireless Network Extender | 2023-12-10 | 2.6 LOW | N/A |
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. | |||||
CVE-2012-2498 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2023-12-10 | 4.0 MEDIUM | N/A |
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197. | |||||
CVE-2013-1364 | 1 Zabbix | 1 Zabbix | 2023-12-10 | 5.0 MEDIUM | N/A |
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. | |||||
CVE-2012-4614 | 1 Emc | 1 It Operations Intelligence | 2023-12-10 | 9.3 HIGH | N/A |
The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session. | |||||
CVE-2013-1337 | 1 Microsoft | 1 .net Framework | 2023-12-10 | 7.5 HIGH | N/A |
Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability." | |||||
CVE-2012-3137 | 1 Oracle | 2 Database Server, Primavera P6 Enterprise Project Portfolio Management | 2023-12-10 | 6.4 MEDIUM | N/A |
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability." | |||||
CVE-2012-4392 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 7.5 HIGH | N/A |
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. | |||||
CVE-2012-1840 | 1 Ajaxplorer | 1 Ajaxplorer | 2023-12-10 | 7.5 HIGH | N/A |
AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash. | |||||
CVE-2012-1602 | 1 Nextbbs | 1 Nextbbs | 2023-12-10 | 7.5 HIGH | N/A |
user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1. | |||||
CVE-2013-6634 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | N/A |
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. |