Total
3224 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4879 | 1 Novell | 1 Access Manager | 2023-12-10 | 4.3 MEDIUM | N/A |
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions. | |||||
CVE-2011-0489 | 1 Objectivity | 1 Objectivity\/db | 2023-12-10 | 7.5 HIGH | N/A |
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-0744 | 1 Alvaro | 1 Alvaros Messenger | 2023-12-10 | 5.8 MEDIUM | N/A |
aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate. | |||||
CVE-2011-5053 | 1 Wi-fi | 1 Wifi Protected Setup Protocol | 2023-12-10 | 5.8 MEDIUM | N/A |
The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages. | |||||
CVE-2011-4860 | 1 Schneider-electric | 3 Quantum Ethernet Module 140noe77100, Quantum Ethernet Module 140noe77101, Quantum Ethernet Module 140noe77111 | 2023-12-10 | 10.0 HIGH | N/A |
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message. | |||||
CVE-2011-4051 | 1 Indusoft | 1 Web Studio | 2023-12-10 | 10.0 HIGH | N/A |
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control. | |||||
CVE-2010-1221 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2023-12-10 | 5.0 MEDIUM | N/A |
CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request. | |||||
CVE-2010-0834 | 2 Dell, Ubuntu | 2 Latitude 2110 Netbook, Ubuntu Linux | 2023-12-10 | 9.3 HIGH | N/A |
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. | |||||
CVE-2011-4508 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2023-12-10 | 9.3 HIGH | N/A |
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. | |||||
CVE-2010-2668 | 1 Adaptivedisplays | 2 Alpha Ethernet Adapter Ii, Alpha Ethernet Adapter Ii Web Manager | 2023-12-10 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors. | |||||
CVE-2011-2361 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site. | |||||
CVE-2011-4677 | 1 Oneclickorgs | 1 One Click Orgs | 2023-12-10 | 7.5 HIGH | N/A |
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
CVE-2009-4987 | 1 Scripteen | 1 Free Image Hosting Script | 2023-12-10 | 7.5 HIGH | N/A |
admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211. | |||||
CVE-2010-4478 | 1 Openbsd | 1 Openssh | 2023-12-10 | 7.5 HIGH | N/A |
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. | |||||
CVE-2010-1820 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name. | |||||
CVE-2011-1411 | 1 Shibboleth | 2 Opensaml, Shibboleth-identity-provider | 2023-12-10 | 5.8 MEDIUM | N/A |
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | |||||
CVE-2011-0039 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2023-12-10 | 7.2 HIGH | N/A |
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability." | |||||
CVE-2010-2944 | 1 Jens Vagelpohl | 1 Zope-ldapuserfolder | 2023-12-10 | 7.5 HIGH | N/A |
The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges. | |||||
CVE-2010-4591 | 1 Ibm | 1 Lotus Mobile Connect | 2023-12-10 | 4.4 MEDIUM | N/A |
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch. | |||||
CVE-2009-4909 | 1 Dootzky | 1 Oblog | 2023-12-10 | 6.8 MEDIUM | N/A |
admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests. |