Total
3678 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5200 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | 7.5 HIGH | N/A |
| The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call. | |||||
| CVE-2013-4875 | 1 Verizon | 1 Wireless Network Extender | 2025-04-11 | 6.2 MEDIUM | N/A |
| The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt. | |||||
| CVE-2011-4644 | 1 Splunk | 1 Splunk | 2025-04-11 | 9.3 HIGH | N/A |
| Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. | |||||
| CVE-2010-2668 | 1 Adaptivedisplays | 2 Alpha Ethernet Adapter Ii, Alpha Ethernet Adapter Ii Web Manager | 2025-04-11 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors. | |||||
| CVE-2013-4824 | 1 Hp | 2 Imc Service Operation Management Software Module, Intelligent Management Center | 2025-04-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644. | |||||
| CVE-2014-0725 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. | |||||
| CVE-2012-1602 | 1 Nextbbs | 1 Nextbbs | 2025-04-11 | 7.5 HIGH | N/A |
| user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1. | |||||
| CVE-2012-2287 | 2 Emc, Microsoft | 4 Rsa Authentication Agent, Rsa Authentication Client, Windows Server 2003 and 1 more | 2025-04-11 | 8.5 HIGH | N/A |
| The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host. | |||||
| CVE-2012-5952 | 1 Ibm | 1 Websphere Message Broker | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors. | |||||
| CVE-2012-6274 | 1 Bigantsoft | 1 Bigant Im Message Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors. | |||||
| CVE-2012-5975 | 2 Linux, Ssh | 2 Linux Kernel, Tectia Server | 2025-04-11 | 9.3 HIGH | N/A |
| The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c. | |||||
| CVE-2013-2245 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed. | |||||
| CVE-2013-6859 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-11 | 8.5 HIGH | N/A |
| SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2007-6737 | 1 G.rodola | 1 Pyftpdlib | 2025-04-11 | 7.5 HIGH | N/A |
| FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2010-0447 | 1 Hp | 1 Openview Performance Insight | 2025-04-11 | 10.0 HIGH | N/A |
| The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document. | |||||
| CVE-2013-4784 | 1 Hp | 1 Integrated Lights-out Bmc | 2025-04-11 | 10.0 HIGH | N/A |
| The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | |||||
| CVE-2012-0301 | 1 Symantec | 1 Message Filter | 2025-04-11 | 5.4 MEDIUM | N/A |
| Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2010-1838 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.4 MEDIUM | N/A |
| Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name. | |||||
| CVE-2009-4830 | 1 Openx | 1 Openx | 2025-04-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files. | |||||
| CVE-2012-3024 | 1 Tridium | 1 Niagara Ax | 2025-04-11 | 5.0 MEDIUM | N/A |
| Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. | |||||