Search Results (4528 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7282 1 Nisuta 4 Ns-wir150ne, Ns-wir150ne Firmware, Ns-wir300n and 1 more 2025-04-11 N/A
The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header.
CVE-2011-3620 2 Apache, Redhat 2 Qpid, Enterprise Mrg 2025-04-11 N/A
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
CVE-2012-6067 1 Freeftpd 1 Freeftpd 2025-04-11 N/A
freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
CVE-2012-3473 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.
CVE-2011-2925 1 Redhat 1 Enterprise Mrg 2025-04-11 N/A
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker.
CVE-2012-3472 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.
CVE-2013-4877 1 Verizon 1 Wireless Network Extender 2025-04-11 N/A
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.
CVE-2011-1561 1 Ibm 1 Aix 2025-04-11 N/A
The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password.
CVE-2009-4987 1 Scripteen 1 Free Image Hosting Script 2025-04-11 N/A
admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.
CVE-2012-3408 2 Puppet, Puppetlabs 2 Puppet Enterprise, Puppet 2025-04-11 N/A
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.
CVE-2007-6737 1 G.rodola 1 Pyftpdlib 2025-04-11 N/A
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2012-4545 2 Elinks, Redhat 2 Elinks, Enterprise Linux 2025-04-11 N/A
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.
CVE-2009-4927 1 Webmobo 1 Wbnews 2025-04-11 N/A
WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1.
CVE-2013-7093 1 Sap 1 Network Interface Router 2025-04-11 N/A
SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors.
CVE-2010-1910 1 Consona 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance 2025-04-11 N/A
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.
CVE-2008-4389 1 Symantec 2 Appstream, Workspace Streaming 2025-04-11 N/A
Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors.
CVE-2009-5116 1 Mcafee 1 Linuxshield 2025-04-11 N/A
McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account.
CVE-2011-4644 1 Splunk 1 Splunk 2025-04-11 N/A
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.
CVE-2011-1025 2 Openldap, Redhat 2 Openldap, Enterprise Linux 2025-04-11 N/A
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
CVE-2013-0985 1 Apple 1 Mac Os X 2025-04-11 N/A
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.