Total
4495 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3356 | 1 Viewvc | 1 Viewvc | 2025-04-11 | N/A |
| The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2012-2626 | 1 Sonicwall | 1 Scrutinizer | 2025-04-11 | N/A |
| cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action. | ||||
| CVE-2013-1405 | 1 Vmware | 6 Esx, Esxi, Vcenter Server and 3 more | 2025-04-11 | N/A |
| VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| CVE-2013-1080 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | N/A |
| The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. | ||||
| CVE-2013-6643 | 6 Apple, Debian, Google and 3 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2025-04-11 | N/A |
| The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. | ||||
| CVE-2009-4987 | 1 Scripteen | 1 Free Image Hosting Script | 2025-04-11 | N/A |
| admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211. | ||||
| CVE-2011-3463 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory. | ||||
| CVE-2013-0935 | 1 Emc | 1 Smarts Network Configuration Manager | 2025-04-11 | N/A |
| EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2012-2606 | 1 Bradfordnetworks | 2 Network Sentry Appliance, Network Sentry Appliance Software | 2025-04-11 | N/A |
| The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack. | ||||
| CVE-2012-2388 | 1 Strongswan | 1 Strongswan | 2025-04-11 | N/A |
| The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability." | ||||
| CVE-2012-6603 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034. | ||||
| CVE-2012-2281 | 1 Rsa | 2 Access Manager Agent, Access Manager Server | 2025-04-11 | N/A |
| EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors. | ||||
| CVE-2013-3268 | 1 Novell | 1 Imanager | 2025-04-11 | N/A |
| Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. | ||||
| CVE-2013-2743 | 2 Ithemes, Wordpress | 2 Backupbuddy, Wordpress | 2025-04-11 | N/A |
| importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter. | ||||
| CVE-2010-4211 | 2 Apple, Ebay | 2 Iphone Os, Paypal | 2025-04-11 | N/A |
| The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | ||||
| CVE-2012-1806 | 1 Koyo | 8 H0-ecom, H0-ecom100, H2-ecom and 5 more | 2025-04-11 | N/A |
| The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2012-1808 | 1 Koyo | 8 H0-ecom, H0-ecom100, H2-ecom and 5 more | 2025-04-11 | N/A |
| The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors. | ||||
| CVE-2012-2562 | 2 Google, Xelex | 2 Android, Mobiletrack | 2025-04-11 | N/A |
| The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message. | ||||
| CVE-2010-1222 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2025-04-11 | N/A |
| CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request. | ||||
| CVE-2012-1123 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | N/A |
| The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password. | ||||