Export limit exceeded: 10887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10887 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4332 | 1 Pangramsoft | 1 Pointter Php Content Management System | 2025-04-11 | N/A |
| Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | ||||
| CVE-2010-0834 | 2 Dell, Ubuntu | 2 Latitude 2110 Netbook, Ubuntu Linux | 2025-04-11 | N/A |
| The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. | ||||
| CVE-2013-2056 | 1 Redhat | 2 Network Satellite, Satellite | 2025-04-11 | N/A |
| The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call. | ||||
| CVE-2013-3610 | 1 Asus | 2 Rt-n10e, Rt-n10e Firmware | 2025-04-11 | N/A |
| qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. | ||||
| CVE-2013-3586 | 1 Samsung | 2 Dvr, Smart Viewer | 2025-04-11 | N/A |
| Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. | ||||
| CVE-2013-3581 | 1 Choice Wireless | 1 Wixfmr-111 | 2025-04-11 | N/A |
| ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to obtain sensitive information via an Ajax (1) wmxState or (2) netState request. | ||||
| CVE-2013-2944 | 1 Strongswan | 1 Strongswan | 2025-04-11 | N/A |
| strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature. | ||||
| CVE-2009-4657 | 1 Omidrouhani | 1 Xerver | 2025-04-11 | N/A |
| The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1. | ||||
| CVE-2013-2059 | 1 Openstack | 1 Keystone | 2025-04-11 | N/A |
| OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. | ||||
| CVE-2011-4214 | 1 Oneorzero | 1 Aims | 2025-04-11 | N/A |
| OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie. | ||||
| CVE-2011-2014 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | N/A |
| The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability." | ||||
| CVE-2010-2526 | 2 Heinz Mauelshagen, Redhat | 4 Lvm2, Cluster Suite, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands. | ||||
| CVE-2012-5353 | 1 Eduserv | 1 Openathens Service Provider | 2025-04-11 | N/A |
| Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack." | ||||
| CVE-2012-5352 | 1 Josso | 1 Java Open Single Sign-on Project Home | 2025-04-11 | N/A |
| Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack." | ||||
| CVE-2012-5309 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | N/A |
| servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2012-4457 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-11 | N/A |
| OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant. | ||||
| CVE-2009-5116 | 1 Mcafee | 1 Linuxshield | 2025-04-11 | N/A |
| McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account. | ||||
| CVE-2008-7263 | 1 G.rodola | 1 Pyftpdlib | 2025-04-11 | N/A |
| ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2013-4435 | 1 Saltstack | 1 Salt | 2025-04-11 | N/A |
| Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine. | ||||
| CVE-2012-4446 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2025-04-11 | N/A |
| The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request. | ||||