Search
Total
980 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3814 | 1 Cisco | 1 Unity | 2017-08-08 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once. | |||||
| CVE-2008-3611 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.3 MEDIUM | N/A |
| Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen. | |||||
| CVE-2008-3610 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.6 HIGH | N/A |
| Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list. | |||||
| CVE-2008-3579 | 2 Calacode, Linux | 2 Atmail, Linux Kernel | 2017-08-08 | 7.8 HIGH | N/A |
| Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3428 | 1 Phpfreechat | 1 Phpfreechat | 2017-08-08 | 6.5 MEDIUM | N/A |
| Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter. | |||||
| CVE-2008-2406 | 1 Sun | 1 Java Asp Server | 2017-08-08 | 7.5 HIGH | N/A |
| The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102. | |||||
| CVE-2008-2516 | 1 Libpam-pgsql | 1 Libpam-pgsql | 2017-08-08 | 4.6 MEDIUM | N/A |
| pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an "auth sufficient pam_pgsql.so" configuration. | |||||
| CVE-2008-2524 | 1 Blogphp | 1 Blogphp | 2017-08-08 | 5.0 MEDIUM | N/A |
| BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie. | |||||
| CVE-2008-2528 | 1 Citrix | 1 Access Gateway | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. | |||||
| CVE-2008-2705 | 1 Sun | 1 Java System Access Manager | 2017-08-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2008-2730 | 1 Cisco | 1 Unified Communications Manager | 2017-08-08 | 5.0 MEDIUM | N/A |
| The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. | |||||
| CVE-2008-3299 | 1 Esyndicat | 1 Esyndicat | 2017-08-08 | 7.5 HIGH | N/A |
| eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3425 | 1 Sun | 2 Java System Web Server Plugin, N1 Service Provisioning System | 2017-08-08 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors. | |||||
| CVE-2008-3503 | 1 Webgui | 1 Plain Black Webgui | 2017-08-08 | 5.0 MEDIUM | N/A |
| RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data). | |||||
| CVE-2008-3504 | 1 Mpfm | 1 Mask Php File Manager | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies." | |||||
| CVE-2008-1938 | 1 Sony | 1 Mylo Com 2 | 2017-08-08 | 6.4 MEDIUM | N/A |
| Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks. | |||||
| CVE-2008-1356 | 1 Sun | 1 Solaris | 2017-08-08 | 6.3 MEDIUM | N/A |
| Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash. | |||||
| CVE-2008-1154 | 1 Cisco | 4 Emergency Responder, Mobility Manager, Unified Communications Manager and 1 more | 2017-08-08 | 10.0 HIGH | N/A |
| The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2008-0706 | 2 Compaq, Hp | 4 Presario A900, Presario C700, G7000 and 1 more | 2017-08-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password. | |||||
| CVE-2008-0536 | 2 Cisco, Icon-labs | 2 Service Control Engine, Iconfidant Ssh | 2017-08-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563. | |||||
| CVE-2008-0476 | 1 Manageengine | 1 Applications Manager | 2017-08-08 | 6.4 MEDIUM | N/A |
| ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0330 | 1 Radiator | 1 Radius Server | 2017-08-08 | 7.8 HIGH | N/A |
| Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap. | |||||
| CVE-2007-6714 | 1 Dbmail | 1 Dbmail | 2017-08-08 | 6.8 MEDIUM | N/A |
| DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication. | |||||
| CVE-2007-6385 | 1 Kerio | 1 Winroute Firewall | 2017-08-08 | 2.1 LOW | N/A |
| The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2007-6384 | 1 Bea | 1 Weblogic Mobility Server | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors. | |||||
| CVE-2008-0823 | 1 Drupal | 1 Header Image | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors. | |||||
| CVE-2008-0961 | 1 Emc | 1 Diskxtender | 2017-08-08 | 10.0 HIGH | N/A |
| EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | |||||
| CVE-2007-6145 | 1 Hitachi | 1 Jp1 File Transmission Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors. | |||||
| CVE-2007-5578 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2017-07-29 | 7.5 HIGH | N/A |
| Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors. | |||||
| CVE-2007-4747 | 1 Cisco | 3 Video Surveillance Ip Gateway Encoder Decoder, Video Surveillance Sp Isp, Video Surveillance Sp Isp Decoder Software | 2017-07-29 | 10.0 HIGH | N/A |
| The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require authentication, which allows remote attackers to perform administrative actions, aka CSCsj31729. | |||||
| CVE-2007-4693 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 7.2 HIGH | N/A |
| The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." | |||||
| CVE-2007-4692 | 2 Apple, Microsoft | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2017-07-29 | 4.3 MEDIUM | N/A |
| The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | |||||
| CVE-2007-4680 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 6.8 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. | |||||
| CVE-2007-5988 | 1 Bti-tracker | 1 Bti-tracker | 2017-07-29 | 7.5 HIGH | N/A |
| blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | |||||
| CVE-2007-5987 | 1 Bti-tracker | 1 Bti-tracker | 2017-07-29 | 6.8 MEDIUM | N/A |
| details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | |||||
| CVE-2007-5855 | 1 Apple | 1 Mac Os X | 2017-07-29 | 6.4 MEDIUM | N/A |
| Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity. | |||||
| CVE-2007-5791 | 1 Vonage | 1 Motorola Phone Adapter Vt2142-vd | 2017-07-29 | 10.0 HIGH | N/A |
| The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content. | |||||
| CVE-2007-5152 | 1 Sun | 2 Java System Access Manager, Java System Application Server | 2017-07-29 | 7.5 HIGH | N/A |
| Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. | |||||
| CVE-2007-4364 | 1 Fedoraproject | 1 Commons | 2017-07-29 | 8.5 HIGH | N/A |
| Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector. | |||||
| CVE-2007-4438 | 1 Ampache | 1 Ampache | 2017-07-29 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2007-3754 | 1 Apple | 1 Iphone | 2017-07-29 | 4.3 MEDIUM | N/A |
| Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack. | |||||
| CVE-2007-3177 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2017-07-29 | 5.0 MEDIUM | N/A |
| Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. | |||||
| CVE-2007-2243 | 1 Openbsd | 1 Openssh | 2017-07-29 | 5.0 MEDIUM | N/A |
| OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. | |||||
| CVE-2003-1343 | 1 Trend Micro | 1 Scanmail | 2017-07-29 | 7.5 HIGH | N/A |
| Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". | |||||
| CVE-2004-2724 | 1 Lionmax Software | 1 Chat Anywhere | 2017-07-29 | 7.1 HIGH | N/A |
| LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character. | |||||
| CVE-2003-1433 | 1 Epic Games | 1 Unreal Engine | 2017-07-29 | 4.3 MEDIUM | N/A |
| Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times. | |||||
| CVE-2003-1434 | 1 Pete Werner | 1 Login Ldap | 2017-07-29 | 6.8 MEDIUM | N/A |
| login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password. | |||||
| CVE-2003-1442 | 1 Ericsson | 1 Hm220dp Adsl Modem | 2017-07-29 | 7.5 HIGH | N/A |
| The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side. | |||||
| CVE-2003-1475 | 1 Netbus | 1 Netbus | 2017-07-29 | 6.8 MEDIUM | N/A |
| Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access. | |||||
| CVE-2004-2715 | 1 Php Heaven | 1 Phpmychat | 2017-07-29 | 7.5 HIGH | N/A |
| edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. | |||||