Total: 3242 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2963 | 1 Breakingpointsystems | 2 Breakingpoint Storm Appliance, Breakingpoint Storm Appliance Ctm | 2023-12-10 | 5.0 MEDIUM | N/A |
The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file. | |||||
CVE-2012-5633 | 1 Apache | 1 Cxf | 2023-12-10 | 5.8 MEDIUM | N/A |
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. | |||||
CVE-2012-0702 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server Information Services Framework | 2023-12-10 | 4.0 MEDIUM | N/A |
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors. | |||||
CVE-2012-2974 | 1 Smc | 1 Smc8024l2 Switch | 2023-12-10 | 10.0 HIGH | N/A |
The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. | |||||
CVE-2012-3473 | 1 Ushahidi | 1 Ushahidi Platform | 2023-12-10 | 6.4 MEDIUM | N/A |
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions. | |||||
CVE-2012-4741 | 1 Packetfence | 1 Packetfence | 2023-12-10 | 5.0 MEDIUM | N/A |
The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute. | |||||
CVE-2012-5930 | 1 Microfocus | 1 Privileged User Manager | 2023-12-10 | 6.4 MEDIUM | N/A |
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request. | |||||
CVE-2013-3431 | 1 Cisco | 1 Video Surveillance Manager | 2023-12-10 | 7.8 HIGH | N/A |
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169. | |||||
CVE-2012-3467 | 1 Apache | 1 Qpid | 2023-12-10 | 5.0 MEDIUM | N/A |
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. | |||||
CVE-2012-0333 | 1 Cisco | 2 Small Business Ip Phone, Small Business Ip Phone Firmware | 2023-12-10 | 5.0 MEDIUM | N/A |
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. | |||||
CVE-2013-2157 | 1 Openstack | 1 Keystone | 2023-12-10 | 4.3 MEDIUM | N/A |
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. | |||||
CVE-2012-3024 | 1 Tridium | 1 Niagara Ax | 2023-12-10 | 5.0 MEDIUM | N/A |
Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. | |||||
CVE-2012-2388 | 1 Strongswan | 1 Strongswan | 2023-12-10 | 7.5 HIGH | N/A |
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability." | |||||
CVE-2012-4457 | 1 Openstack | 1 Keystone | 2023-12-10 | 4.0 MEDIUM | N/A |
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant. | |||||
CVE-2011-4085 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allows remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression. | |||||
CVE-2013-1211 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2023-12-10 | 5.0 MEDIUM | N/A |
Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832. | |||||
CVE-2013-0759 | 5 Canonical, Mozilla, Opensuse and 2 more | 15 Ubuntu Linux, Firefox, Firefox Esr and 12 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. | |||||
CVE-2013-3039 | 1 Ibm | 1 Rational Requirements Composer | 2023-12-10 | 5.4 MEDIUM | N/A |
IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. | |||||
CVE-2013-0209 | 1 Sixapart | 1 Movable Type | 2023-12-10 | 7.5 HIGH | N/A |
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code. | |||||
CVE-2013-4784 | 1 Hp | 1 Integrated Lights-out Bmc | 2023-12-10 | 10.0 HIGH | N/A |
The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. |