Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2620 | 1 Open-ftpd | 1 Open-ftpd | 2025-04-11 | 9.3 HIGH | N/A |
| Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first. | |||||
| CVE-2010-4332 | 1 Pangramsoft | 1 Pointter Php Content Management System | 2025-04-11 | 7.5 HIGH | N/A |
| Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | |||||
| CVE-2009-4657 | 1 Omidrouhani | 1 Xerver | 2025-04-11 | 7.5 HIGH | N/A |
| The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1. | |||||
| CVE-2011-5100 | 1 Mcafee | 1 Firewall Reporter | 2025-04-11 | 7.5 HIGH | N/A |
| The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. | |||||
| CVE-2013-0935 | 1 Emc | 1 Smarts Network Configuration Manager | 2025-04-11 | 9.3 HIGH | N/A |
| EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-1838 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.4 MEDIUM | N/A |
| Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name. | |||||
| CVE-2013-4874 | 1 Verizon | 1 Wireless Network Extender | 2025-04-11 | 6.2 MEDIUM | N/A |
| The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. | |||||
| CVE-2010-1191 | 1 Sahanafoundation | 1 Sahana | 2025-04-11 | 6.4 MEDIUM | N/A |
| Sahana disaster management system 0.6.2.2, and possibly other versions, allows remote attackers to bypass intended access restrictions and disable administrator authentication via a direct request to stream.php in an acl_enable_acl action to the admin module. | |||||
| CVE-2011-1411 | 1 Shibboleth | 2 Opensaml, Shibboleth-identity-provider | 2025-04-11 | 5.8 MEDIUM | N/A |
| Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | |||||
| CVE-2011-0392 | 1 Cisco | 2 Telepresence Recording Server, Telepresence Recording Server Software | 2025-04-11 | 7.5 HIGH | N/A |
| Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833. | |||||
| CVE-2010-2668 | 1 Adaptivedisplays | 2 Alpha Ethernet Adapter Ii, Alpha Ethernet Adapter Ii Web Manager | 2025-04-11 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors. | |||||
| CVE-2012-2974 | 1 Smc | 1 Smc8024l2 Switch | 2025-04-11 | 10.0 HIGH | N/A |
| The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. | |||||
| CVE-2011-1519 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | 10.0 HIGH | N/A |
| The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920. | |||||
| CVE-2012-3721 | 1 Apple | 1 Mac Os X | 2025-04-11 | 5.0 MEDIUM | N/A |
| Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. | |||||
| CVE-2009-4675 | 1 Mole-group | 1 Gastro Portal \(restaurant Directory\) Script | 2025-04-11 | 7.5 HIGH | N/A |
| admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission. | |||||
| CVE-2008-4389 | 1 Symantec | 2 Appstream, Workspace Streaming | 2025-04-11 | 9.3 HIGH | N/A |
| Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors. | |||||
| CVE-2009-0695 | 1 Dell | 1 Wyse Device Manager | 2025-04-11 | 7.5 HIGH | N/A |
| hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action. | |||||
| CVE-2013-5038 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2025-04-11 | 5.8 MEDIUM | N/A |
| The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. | |||||
| CVE-2012-5633 | 1 Apache | 1 Cxf | 2025-04-11 | 5.8 MEDIUM | N/A |
| The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. | |||||
| CVE-2012-6440 | 1 Rockwellautomation | 17 1756-enbt, 1756-eweb, 1768-enbt and 14 more | 2025-04-11 | 9.3 HIGH | N/A |
| The web-server password-authentication functionality in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows man-in-the-middle attackers to conduct replay attacks via HTTP traffic. | |||||