Total: 3930 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0738 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770. | |||||
| CVE-2012-4392 | 1 Owncloud | 1 Owncloud Server | 2025-04-11 | 7.5 HIGH | N/A |
| index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. | |||||
| CVE-2009-4879 | 1 Novell | 1 Access Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions. | |||||
| CVE-2012-6274 | 1 Bigantsoft | 1 Bigant Im Message Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors. | |||||
| CVE-2014-0722 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347. | |||||
| CVE-2013-4875 | 1 Verizon | 1 Wireless Network Extender | 2025-04-11 | 6.2 MEDIUM | N/A |
| The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt. | |||||
| CVE-2012-3473 | 1 Ushahidi | 1 Ushahidi Platform | 2025-04-11 | 6.4 MEDIUM | N/A |
| The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions. | |||||
| CVE-2014-0725 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. | |||||
| CVE-2011-4677 | 1 Oneclickorgs | 1 One Click Orgs | 2025-04-11 | 7.5 HIGH | N/A |
| One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2010-2026 | 1 Cisco | 1 Scientific Atlanta Webstar Dpc2100r2 | 2025-04-11 | 6.4 MEDIUM | N/A |
| The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page. | |||||
| CVE-2012-5003 | 1 Nomachine | 1 Nx Web Companion | 2025-04-11 | 6.8 MEDIUM | N/A |
| nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file. | |||||
| CVE-2013-7239 | 1 Memcached | 1 Memcached | 2025-04-11 | 4.8 MEDIUM | N/A |
| memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. | |||||
| CVE-2013-6920 | 1 Siemens | 14 Sinamics G110, Sinamics G110d, Sinamics G120 and 11 more | 2025-04-11 | 10.0 HIGH | N/A |
| Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. | |||||
| CVE-2010-3686 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2025-04-11 | 5.0 MEDIUM | N/A |
| The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | |||||
| CVE-2012-5352 | 1 Josso | 1 Java Open Single Sign-on Project Home | 2025-04-11 | 5.8 MEDIUM | N/A |
| Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack." | |||||
| CVE-2013-6859 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-11 | 8.5 HIGH | N/A |
| SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2013-2245 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed. | |||||
| CVE-2013-4824 | 1 Hp | 2 Imc Service Operation Management Software Module, Intelligent Management Center | 2025-04-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644. | |||||
| CVE-2013-7282 | 1 Nisuta | 4 Ns-wir150ne, Ns-wir150ne Firmware, Ns-wir300n and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
| The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header. | |||||
| CVE-2011-0039 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-11 | 7.2 HIGH | N/A |
| The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability." | |||||
