Total
4006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3478 | 1 Symantec | 1 Pcanywhere | 2026-04-29 | 10.0 HIGH | N/A |
| The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631. | |||||
| CVE-2012-2122 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2026-04-29 | 5.1 MEDIUM | N/A |
| sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. | |||||
| CVE-2013-0487 | 1 Ibm | 1 Lotus Domino | 2026-04-29 | 8.5 HIGH | N/A |
| The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. | |||||
| CVE-2009-4670 | 1 Beaussier | 1 Roomphplanning | 2026-04-29 | 7.5 HIGH | N/A |
| admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter. | |||||
| CVE-2013-0935 | 1 Emc | 1 Smarts Network Configuration Manager | 2026-04-29 | 9.3 HIGH | N/A |
| EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-0688 | 1 Symantec | 3 Antivirus, Antivirus Central Quarantine Server, System Center | 2026-04-29 | 9.3 HIGH | N/A |
| Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-5930 | 1 Microfocus | 1 Privileged User Manager | 2026-04-29 | 6.4 MEDIUM | N/A |
| The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request. | |||||
| CVE-2009-4801 | 1 Will Kraft | 1 Ez-blog | 2026-04-29 | 7.5 HIGH | N/A |
| EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts. | |||||
| CVE-2010-3685 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2026-04-29 | 5.0 MEDIUM | N/A |
| The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | |||||
| CVE-2011-2758 | 1 Ibm | 1 Tivoli Directory Server | 2026-04-29 | 5.0 MEDIUM | N/A |
| IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL. | |||||
| CVE-2013-3430 | 1 Cisco | 1 Video Surveillance Manager | 2026-04-29 | 9.0 HIGH | N/A |
| Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288. | |||||
| CVE-2009-4929 | 1 Sweetphp | 1 Totalcalender | 2026-04-29 | 7.5 HIGH | N/A |
| admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters. | |||||
| CVE-2013-2944 | 1 Strongswan | 1 Strongswan | 2026-04-29 | 4.9 MEDIUM | N/A |
| strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature. | |||||
| CVE-2012-4066 | 1 Eucalyptus | 1 Eucalyptus | 2026-04-29 | 5.0 MEDIUM | N/A |
| The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots. | |||||
| CVE-2012-2606 | 1 Bradfordnetworks | 2 Network Sentry Appliance, Network Sentry Appliance Software | 2026-04-29 | 5.0 MEDIUM | N/A |
| The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack. | |||||
| CVE-2012-2983 | 1 Gentoo | 1 Webmin | 2026-04-29 | 5.0 MEDIUM | N/A |
| file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. | |||||
| CVE-2010-4279 | 1 Artica | 1 Pandora Fms | 2026-04-29 | 10.0 HIGH | N/A |
| The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter. | |||||
| CVE-2010-3852 | 1 Redhat | 2 Conga, Luci | 2026-04-29 | 6.4 MEDIUM | N/A |
| The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. | |||||
| CVE-2009-4808 | 1 Graugon | 1 Php Article Publisher | 2026-04-29 | 7.5 HIGH | N/A |
| admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1. | |||||
| CVE-2013-3610 | 1 Asus | 2 Rt-n10e, Rt-n10e Firmware | 2026-04-29 | 6.1 MEDIUM | N/A |
| qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. | |||||