Total
3218 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-1022 | 2 Marcus Krause, Typo3 | 2 T3sec Saltedpw, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. | |||||
CVE-2011-1561 | 1 Ibm | 1 Aix | 2023-12-10 | 6.8 MEDIUM | N/A |
The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password. | |||||
CVE-2011-2925 | 1 Redhat | 1 Enterprise Mrg | 2023-12-10 | 4.6 MEDIUM | N/A |
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker. | |||||
CVE-2008-4389 | 1 Symantec | 2 Appstream, Workspace Streaming | 2023-12-10 | 9.3 HIGH | N/A |
Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors. | |||||
CVE-2010-3091 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2023-12-10 | 5.0 MEDIUM | N/A |
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | |||||
CVE-2010-1222 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2023-12-10 | 5.0 MEDIUM | N/A |
CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request. | |||||
CVE-2011-3372 | 1 Cyrus | 1 Imapd | 2023-12-10 | 7.5 HIGH | N/A |
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. | |||||
CVE-2010-3686 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2023-12-10 | 5.0 MEDIUM | N/A |
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | |||||
CVE-2009-4843 | 1 Toutvirtual | 1 Virtualiq | 2023-12-10 | 7.5 HIGH | N/A |
ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console. | |||||
CVE-2010-1454 | 1 Vmware | 1 Tc Server | 2023-12-10 | 6.8 MEDIUM | N/A |
com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password. | |||||
CVE-2011-2014 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2023-12-10 | 9.0 HIGH | N/A |
The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability." | |||||
CVE-2009-4806 | 1 Digitalinterchange | 1 Digital Interchange Document Library | 2023-12-10 | 7.5 HIGH | N/A |
admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-0240 | 1 Advantech | 1 Advantech Webaccess | 2023-12-10 | 10.0 HIGH | N/A |
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2011-2155 | 1 Smartertools | 1 Smarterstats | 2023-12-10 | 7.5 HIGH | N/A |
Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation. | |||||
CVE-2011-2907 | 1 Clusterresources | 1 Torque Resource Manager | 2023-12-10 | 7.5 HIGH | N/A |
Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program. | |||||
CVE-2011-0384 | 1 Cisco | 2 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software | 2023-12-10 | 10.0 HIGH | N/A |
The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253. | |||||
CVE-2011-4644 | 1 Splunk | 1 Splunk | 2023-12-10 | 9.3 HIGH | N/A |
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. | |||||
CVE-2011-0383 | 1 Cisco | 4 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software, Telepresence Recording Server and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008. | |||||
CVE-2009-4657 | 1 Omidrouhani | 1 Xerver | 2023-12-10 | 7.5 HIGH | N/A |
The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1. | |||||
CVE-2010-3896 | 1 Ibm | 1 Omnifind | 2023-12-10 | 7.5 HIGH | N/A |
The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. |