Total: 980 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3478 | 1 Symantec | 1 Pcanywhere | 2018-01-06 | 10.0 HIGH | N/A |
| The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631. | |||||
| CVE-2012-0239 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 5.0 MEDIUM | N/A |
| uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. | |||||
| CVE-2012-0240 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 10.0 HIGH | N/A |
| GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-3430 | 1 Dovecot | 1 Dovecot | 2017-12-29 | 5.0 MEDIUM | N/A |
| Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. | |||||
| CVE-2012-2974 | 1 Smc | 1 Smc8024l2 Switch | 2017-12-22 | 10.0 HIGH | N/A |
| The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. | |||||
| CVE-2012-1808 | 1 Koyo | 8 H0-ecom, H0-ecom100, H2-ecom and 5 more | 2017-12-20 | 10.0 HIGH | N/A |
| The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors. | |||||
| CVE-2012-1806 | 1 Koyo | 8 H0-ecom, H0-ecom100, H2-ecom and 5 more | 2017-12-20 | 7.5 HIGH | N/A |
| The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2014-0166 | 1 Wordpress | 1 Wordpress | 2017-12-16 | 6.4 MEDIUM | N/A |
| The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie. | |||||
| CVE-2012-2414 | 1 Asterisk | 1 Open Source | 2017-12-14 | 6.5 MEDIUM | N/A |
| main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action. | |||||
| CVE-2012-0400 | 1 Rsa | 1 Envision | 2017-12-06 | 7.9 HIGH | N/A |
| EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2013-3656 | 1 Cybozu | 1 Cybozu Office | 2017-11-29 | 5.8 MEDIUM | N/A |
| Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL. | |||||
| CVE-2014-8088 | 1 Zend | 1 Zend Framework | 2017-11-04 | 5.0 MEDIUM | N/A |
| The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allow remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. | |||||
| CVE-2014-2685 | 1 Zend | 2 Zend Framework, Zendopenid | 2017-11-04 | 7.5 HIGH | N/A |
| The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | |||||
| CVE-2009-0461 | 1 Wholehogsoftware | 1 Password Protect | 2017-10-19 | 7.5 HIGH | N/A |
| Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | |||||
| CVE-2009-0460 | 1 Wholehogsoftware | 1 Ware Support | 2017-10-19 | 7.5 HIGH | N/A |
| Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | |||||
| CVE-2008-3322 | 1 Maian | 1 Recipe | 2017-10-19 | 7.5 HIGH | N/A |
| admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. | |||||
| CVE-2008-3321 | 1 Maian Script World | 1 Maian Uploader | 2017-10-19 | 7.5 HIGH | N/A |
| admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. | |||||
| CVE-2008-3320 | 1 Maian | 1 Guestbook | 2017-10-19 | 7.5 HIGH | N/A |
| admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. | |||||
| CVE-2008-3319 | 1 Maian | 1 Links | 2017-10-19 | 7.5 HIGH | N/A |
| admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. | |||||
| CVE-2008-3318 | 1 Maian | 1 Weblog | 2017-10-19 | 7.5 HIGH | N/A |
| admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. | |||||
| CVE-2008-3203 | 1 Auracms | 1 Auracms | 2017-10-19 | 7.5 HIGH | N/A |
| js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter. | |||||
| CVE-2008-2269 | 1 Kevin Ludlow | 1 Austinsmoke Gastracker | 2017-10-19 | 7.5 HIGH | N/A |
| AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE. | |||||
| CVE-2008-5967 | 1 Phpicalendar | 1 Phpicalendar | 2017-10-19 | 7.5 HIGH | N/A |
| admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root. | |||||
| CVE-2007-1859 | 2 Redhat, Xscreensaver | 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more | 2017-10-11 | 4.6 MEDIUM | N/A |
| XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication. | |||||
| CVE-2007-1480 | 1 Creative Guestbook | 1 Creative Guestbook | 2017-10-11 | 7.5 HIGH | N/A |
| Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set. | |||||
| CVE-2005-1020 | 1 Cisco | 1 Ios | 2017-10-11 | 7.1 HIGH | N/A |
| Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | |||||
| CVE-2001-0537 | 1 Cisco | 1 Ios | 2017-10-10 | 9.3 HIGH | N/A |
| HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. | |||||
| CVE-2009-2168 | 1 Egyplus | 1 7ammel | 2017-09-29 | 7.5 HIGH | N/A |
| cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters. | |||||
| CVE-2009-1618 | 1 Teraway | 1 Livehelp | 2017-09-29 | 7.5 HIGH | N/A |
| Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie. | |||||
| CVE-2009-1619 | 1 Teraway | 1 Filestream | 2017-09-29 | 7.5 HIGH | N/A |
| Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1. | |||||
| CVE-2009-2117 | 1 Phportal | 1 Phportal | 2017-09-29 | 7.5 HIGH | N/A |
| uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username. | |||||
| CVE-2009-1489 | 1 Rens Rikkerink | 1 Fungamez | 2017-09-29 | 7.5 HIGH | N/A |
| includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter. | |||||
| CVE-2009-1617 | 1 Teraway | 1 Linktracker | 2017-09-29 | 7.5 HIGH | N/A |
| Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie. | |||||
| CVE-2009-2040 | 1 Grestul | 1 Grestul | 2017-09-29 | 7.5 HIGH | N/A |
| admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request. | |||||
| CVE-2009-1050 | 1 Kamads | 1 Bloginator | 2017-09-29 | 7.5 HIGH | N/A |
| Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie. | |||||
| CVE-2009-1825 | 1 Collector | 1 Mycolex | 2017-09-29 | 4.0 MEDIUM | N/A |
| modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. | |||||
| CVE-2009-1826 | 1 Collector | 1 Mygesuad | 2017-09-29 | 6.5 MEDIUM | N/A |
| modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. | |||||
| CVE-2009-1664 | 1 Easy-scripts | 1 Answer And Question Script | 2017-09-29 | 7.5 HIGH | N/A |
| myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters. | |||||
| CVE-2009-1670 | 1 Tcpdb | 1 Tcpdb | 2017-09-29 | 7.5 HIGH | N/A |
| user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1854 | 1 Cmsnx | 1 Million Dollar Text Links | 2017-09-29 | 7.5 HIGH | N/A |
| Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1. | |||||
| CVE-2009-0864 | 1 Matteoiammarrone | 1 S-cms | 2017-09-29 | 7.5 HIGH | N/A |
| S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. | |||||
| CVE-2009-1587 | 1 Kalptarudemos | 1 Php Site Lock | 2017-09-29 | 7.5 HIGH | N/A |
| index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values. | |||||
| CVE-2009-1549 | 1 Agtc | 1 Agtc Myshop | 2017-09-29 | 7.5 HIGH | N/A |
| AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access by setting the log_accept cookie to "correcto". | |||||
| CVE-2009-1638 | 1 T-dreams | 1 Job Career Package | 2017-09-29 | 7.5 HIGH | N/A |
| Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login. | |||||
| CVE-2009-1580 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-29 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. | |||||
| CVE-2009-2003 | 1 Ascadnetworks | 1 Password Protector Sd | 2017-09-29 | 7.5 HIGH | N/A |
| Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin". | |||||
| CVE-2009-1504 | 1 Xigla | 1 Absolute Control Panel Xe | 2017-09-29 | 7.5 HIGH | N/A |
| Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1". | |||||
| CVE-2008-6864 | 1 Xigla | 1 Absolute Live Support .net | 2017-09-29 | 7.5 HIGH | N/A |
| Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||||
| CVE-2008-7028 | 1 Aves | 1 Rpg Board | 2017-09-29 | 7.5 HIGH | N/A |
| RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value. | |||||
| CVE-2008-7027 | 1 Libra File Manager | 1 Php Filemanager | 2017-09-29 | 7.5 HIGH | N/A |
| Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1. | |||||
