Total
3231 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4478 | 1 Openbsd | 1 Openssh | 2023-12-10 | 7.5 HIGH | N/A |
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. | |||||
CVE-2010-1820 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name. | |||||
CVE-2011-1411 | 1 Shibboleth | 2 Opensaml, Shibboleth-identity-provider | 2023-12-10 | 5.8 MEDIUM | N/A |
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | |||||
CVE-2011-0039 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2023-12-10 | 7.2 HIGH | N/A |
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability." | |||||
CVE-2010-2944 | 1 Jens Vagelpohl | 1 Zope-ldapuserfolder | 2023-12-10 | 7.5 HIGH | N/A |
The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges. | |||||
CVE-2010-4591 | 1 Ibm | 1 Lotus Mobile Connect | 2023-12-10 | 4.4 MEDIUM | N/A |
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch. | |||||
CVE-2009-4909 | 1 Dootzky | 1 Oblog | 2023-12-10 | 6.8 MEDIUM | N/A |
admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests. | |||||
CVE-2009-4671 | 1 Beaussier | 1 Roomphplanning | 2023-12-10 | 7.5 HIGH | N/A |
Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account. | |||||
CVE-2009-4929 | 1 Sweetphp | 1 Totalcalender | 2023-12-10 | 7.5 HIGH | N/A |
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters. | |||||
CVE-2010-2526 | 2 Heinz Mauelshagen, Redhat | 3 Lvm2, Cluster Suite, Enterprise Linux | 2023-12-10 | 4.6 MEDIUM | N/A |
The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands. | |||||
CVE-2009-4927 | 1 Webmobo | 1 Wbnews | 2023-12-10 | 7.5 HIGH | N/A |
WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. | |||||
CVE-2011-5054 | 1 Kde | 1 Kcheckpass | 2023-12-10 | 6.9 MEDIUM | N/A |
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched." | |||||
CVE-2010-1910 | 1 Consona | 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance | 2023-12-10 | 5.1 MEDIUM | N/A |
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields. | |||||
CVE-2007-6737 | 1 G.rodola | 1 Pyftpdlib | 2023-12-10 | 7.5 HIGH | N/A |
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
CVE-2009-4801 | 1 Will Kraft | 1 Ez-blog | 2023-12-10 | 7.5 HIGH | N/A |
EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts. | |||||
CVE-2009-4670 | 1 Beaussier | 1 Roomphplanning | 2023-12-10 | 7.5 HIGH | N/A |
admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter. | |||||
CVE-2010-4573 | 1 Vmware | 1 Esxi | 2023-12-10 | 9.3 HIGH | N/A |
The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password. | |||||
CVE-2010-2927 | 1 Ibm | 1 Tivoli Directory Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts. | |||||
CVE-2012-1256 | 1 Easyvista | 1 Easyvista | 2023-12-10 | 5.0 MEDIUM | N/A |
The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. | |||||
CVE-2010-3852 | 1 Redhat | 2 Conga, Luci | 2023-12-10 | 6.4 MEDIUM | N/A |
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. |