Total
4499 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0314 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2025-04-11 | N/A |
| The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets. | ||||
| CVE-2014-0725 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. | ||||
| CVE-2012-2983 | 1 Gentoo | 1 Webmin | 2025-04-11 | N/A |
| file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. | ||||
| CVE-2013-0282 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-11 | N/A |
| OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. | ||||
| CVE-2011-1411 | 1 Shibboleth | 2 Opensaml, Shibboleth-identity-provider | 2025-04-11 | N/A |
| Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | ||||
| CVE-2011-3478 | 1 Symantec | 1 Pcanywhere | 2025-04-11 | N/A |
| The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631. | ||||
| CVE-2011-5100 | 1 Mcafee | 1 Firewall Reporter | 2025-04-11 | N/A |
| The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. | ||||
| CVE-2011-1901 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2025-04-11 | N/A |
| The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors. | ||||
| CVE-2012-0874 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Soa Platform and 1 more | 2025-04-11 | N/A |
| The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer. | ||||
| CVE-2013-4824 | 1 Hp | 2 Imc Service Operation Management Software Module, Intelligent Management Center | 2025-04-11 | N/A |
| Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644. | ||||
| CVE-2013-2056 | 1 Redhat | 2 Network Satellite, Satellite | 2025-04-11 | N/A |
| The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call. | ||||
| CVE-2012-0944 | 2 Canonical, Sebastian Heinlein | 2 Ubuntu Linux, Aptdaemon | 2025-04-11 | N/A |
| Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack. | ||||
| CVE-2012-0062 | 1 Redhat | 1 Jboss Operations Network | 2025-04-11 | N/A |
| Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. | ||||
| CVE-2011-1758 | 1 Fedoraproject | 1 Sssd | 2025-04-11 | N/A |
| The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname. | ||||
| CVE-2010-4332 | 1 Pangramsoft | 1 Pointter Php Content Management System | 2025-04-11 | N/A |
| Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | ||||
| CVE-2013-7282 | 1 Nisuta | 4 Ns-wir150ne, Ns-wir150ne Firmware, Ns-wir300n and 1 more | 2025-04-11 | N/A |
| The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header. | ||||
| CVE-2011-1561 | 1 Ibm | 1 Aix | 2025-04-11 | N/A |
| The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password. | ||||
| CVE-2011-1472 | 1 Nokia | 2 E75, E75 Firmware | 2025-04-11 | N/A |
| The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time. | ||||
| CVE-2011-1409 | 1 Ulli Horlacher | 1 Fex | 2025-04-11 | N/A |
| Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID. | ||||
| CVE-2009-4927 | 1 Webmobo | 1 Wbnews | 2025-04-11 | N/A |
| WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. | ||||