Total
3232 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2369 | 1 Vnc | 1 Realvnc | 2023-12-10 | 7.5 HIGH | N/A |
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password. | |||||
CVE-2004-2715 | 1 Php Heaven | 1 Phpmychat | 2023-12-10 | 7.5 HIGH | N/A |
edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. | |||||
CVE-2004-2734 | 1 Novell | 1 Netware | 2023-12-10 | 10.0 HIGH | N/A |
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. | |||||
CVE-2006-1228 | 1 Drupal | 1 Drupal | 2023-12-10 | 5.1 MEDIUM | N/A |
Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier. | |||||
CVE-2004-2724 | 1 Lionmax Software | 1 Chat Anywhere | 2023-12-10 | 7.1 HIGH | N/A |
LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character. | |||||
CVE-2005-4851 | 1 Ez | 1 Ez Publish | 2023-12-10 | 4.0 MEDIUM | N/A |
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects. | |||||
CVE-2005-3979 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2023-12-10 | 5.0 MEDIUM | N/A |
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. | |||||
CVE-2006-0374 | 1 Advantage Century Telecommunication | 1 P202s | 2023-12-10 | 7.5 HIGH | N/A |
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513). | |||||
CVE-2006-0416 | 1 Sleeperchat | 1 Sleeperchat | 2023-12-10 | 5.0 MEDIUM | N/A |
SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php. | |||||
CVE-2004-2736 | 1 Polar Software | 1 Helpdesk | 2023-12-10 | 5.0 MEDIUM | N/A |
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie. | |||||
CVE-2006-2636 | 1 Katy Whitton | 1 Newscmslite | 2023-12-10 | 7.5 HIGH | N/A |
newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ". | |||||
CVE-2006-2224 | 1 Quagga | 1 Quagga Routing Software Suite | 2023-12-10 | 5.0 MEDIUM | N/A |
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. | |||||
CVE-2006-0633 | 1 Invisionpower | 1 Invision Power Board | 2023-12-10 | 6.4 MEDIUM | N/A |
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests. | |||||
CVE-2002-2417 | 1 Acftp | 1 Acftp | 2023-12-10 | 10.0 HIGH | N/A |
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges. | |||||
CVE-2002-2279 | 1 Aldap | 1 Aldap | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions. | |||||
CVE-2003-1475 | 1 Netbus | 1 Netbus | 2023-12-10 | 6.8 MEDIUM | N/A |
Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access. | |||||
CVE-1999-0680 | 1 Microsoft | 1 Terminal Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. | |||||
CVE-2001-0537 | 1 Cisco | 1 Ios | 2023-12-10 | 9.3 HIGH | N/A |
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. | |||||
CVE-2003-0216 | 1 Cisco | 1 Catos | 2023-12-10 | 9.3 HIGH | N/A |
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | |||||
CVE-2003-1343 | 1 Trend Micro | 1 Scanmail | 2023-12-10 | 7.5 HIGH | N/A |
Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". |