Export limit exceeded: 12839 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12839 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0910 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in. | ||||
| CVE-2012-3467 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2025-04-11 | N/A |
| Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. | ||||
| CVE-2013-5163 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. | ||||
| CVE-2013-7293 | 1 Asus | 1 Wl-330nul | 2025-04-11 | N/A |
| The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. | ||||
| CVE-2010-1802 | 1 Apple | 3 Libsecurity, Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com. | ||||
| CVE-2010-1191 | 1 Sahanafoundation | 1 Sahana | 2025-04-11 | N/A |
| Sahana disaster management system 0.6.2.2, and possibly other versions, allows remote attackers to bypass intended access restrictions and disable administrator authentication via a direct request to stream.php in an acl_enable_acl action to the admin module. | ||||
| CVE-2011-2758 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | N/A |
| IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL. | ||||
| CVE-2014-0725 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. | ||||
| CVE-2009-4657 | 1 Omidrouhani | 1 Xerver | 2025-04-11 | N/A |
| The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1. | ||||
| CVE-2013-3430 | 1 Cisco | 1 Video Surveillance Manager | 2025-04-11 | N/A |
| Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288. | ||||
| CVE-2012-3472 | 1 Ushahidi | 1 Ushahidi Platform | 2025-04-11 | N/A |
| The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request. | ||||
| CVE-2012-3473 | 1 Ushahidi | 1 Ushahidi Platform | 2025-04-11 | N/A |
| The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions. | ||||
| CVE-2010-3686 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2025-04-11 | N/A |
| The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | ||||
| CVE-2013-6006 | 1 Cybozu | 1 Garoon | 2025-04-11 | N/A |
| Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | ||||
| CVE-2010-2731 | 1 Microsoft | 1 Windows Xp | 2025-04-11 | N/A |
| Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability." | ||||
| CVE-2013-4001 | 1 Ibm | 1 Cognos Command Center | 2025-04-11 | N/A |
| Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. | ||||
| CVE-2013-5429 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2025-04-11 | N/A |
| The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token. | ||||
| CVE-2011-1409 | 1 Ulli Horlacher | 1 Fex | 2025-04-11 | N/A |
| Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID. | ||||
| CVE-2013-0258 | 2 Drupal, Google Authenticator Login Project | 2 Drupal, Ga Login | 2025-04-11 | N/A |
| The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username. | ||||
| CVE-2011-1411 | 1 Shibboleth | 2 Opensaml, Shibboleth-identity-provider | 2025-04-11 | N/A |
| Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | ||||