Total
3679 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2974 | 1 Smc | 1 Smc8024l2 Switch | 2025-04-11 | 10.0 HIGH | N/A |
| The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. | |||||
| CVE-2013-4877 | 1 Verizon | 1 Wireless Network Extender | 2025-04-11 | 2.6 LOW | N/A |
| The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. | |||||
| CVE-2013-3060 | 1 Apache | 1 Activemq | 2025-04-11 | 6.4 MEDIUM | N/A |
| The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. | |||||
| CVE-2013-1080 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | 10.0 HIGH | N/A |
| The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. | |||||
| CVE-2011-2956 | 1 Azeotech | 1 Daqfactory | 2025-04-11 | 7.8 HIGH | N/A |
| AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal. | |||||
| CVE-2011-3372 | 1 Cyrus | 1 Imapd | 2025-04-11 | 7.5 HIGH | N/A |
| imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. | |||||
| CVE-2012-1100 | 1 Redhat | 1 Jboss Operations Network | 2025-04-11 | 5.8 MEDIUM | N/A |
| Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request. | |||||
| CVE-2013-6006 | 1 Cybozu | 1 Garoon | 2025-04-11 | 5.8 MEDIUM | N/A |
| Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | |||||
| CVE-2013-5163 | 1 Apple | 1 Mac Os X | 2025-04-11 | 6.6 MEDIUM | N/A |
| Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. | |||||
| CVE-2010-1613 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.8 MEDIUM | N/A |
| Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. | |||||
| CVE-2012-1145 | 1 Redhat | 2 Enterprise Linux, Satellite | 2025-04-11 | 5.0 MEDIUM | N/A |
| spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads. | |||||
| CVE-2012-2626 | 1 Sonicwall | 1 Scrutinizer | 2025-04-11 | 5.0 MEDIUM | N/A |
| cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action. | |||||
| CVE-2012-3408 | 2 Puppet, Puppetlabs | 2 Puppet Enterprise, Puppet | 2025-04-11 | 2.6 LOW | N/A |
| lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. | |||||
| CVE-2011-5100 | 1 Mcafee | 1 Firewall Reporter | 2025-04-11 | 7.5 HIGH | N/A |
| The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. | |||||
| CVE-2012-4392 | 1 Owncloud | 1 Owncloud Server | 2025-04-11 | 7.5 HIGH | N/A |
| index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. | |||||
| CVE-2013-3613 | 1 Dahuasecurity | 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more | 2025-04-11 | 7.8 HIGH | N/A |
| Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. | |||||
| CVE-2011-2733 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2025-04-11 | 7.5 HIGH | N/A |
| EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information. | |||||
| CVE-2011-0380 | 1 Cisco | 1 Telepresence Manager | 2025-04-11 | 7.5 HIGH | N/A |
| Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562. | |||||
| CVE-2009-4657 | 1 Omidrouhani | 1 Xerver | 2025-04-11 | 7.5 HIGH | N/A |
| The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1. | |||||
| CVE-2012-5351 | 1 Apache | 1 Axis2 | 2025-04-11 | 6.4 MEDIUM | N/A |
| Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418. | |||||