Total
3408 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3885 | 1 Airdroid | 1 Airdroid | 2012-07-27 | 7.5 HIGH | N/A |
| The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2012-3884 | 1 Airdroid | 1 Airdroid | 2012-07-27 | 5.0 MEDIUM | N/A |
| AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless network and then replaying the authentication data. | |||||
| CVE-2012-0301 | 1 Symantec | 1 Message Filter | 2012-07-06 | 5.4 MEDIUM | N/A |
| Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2009-0695 | 1 Dell | 1 Wyse Device Manager | 2012-06-26 | 7.5 HIGH | N/A |
| hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action. | |||||
| CVE-2012-0717 | 1 Ibm | 1 Websphere Application Server | 2012-06-21 | 2.6 LOW | N/A |
| IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors. | |||||
| CVE-2012-2606 | 1 Bradfordnetworks | 2 Network Sentry Appliance, Network Sentry Appliance Software | 2012-06-13 | 5.0 MEDIUM | N/A |
| The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack. | |||||
| CVE-2009-2070 | 1 Opera | 1 Opera Browser | 2012-06-07 | 6.8 MEDIUM | N/A |
| Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | |||||
| CVE-2012-0675 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-30 | 4.3 MEDIUM | N/A |
| Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. | |||||
| CVE-2011-4022 | 1 Cisco | 1 Intrusion Prevention System | 2012-05-11 | 5.0 MEDIUM | N/A |
| The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204. | |||||
| CVE-2012-1256 | 1 Easyvista | 1 Easyvista | 2012-03-21 | 5.0 MEDIUM | N/A |
| The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. | |||||
| CVE-2011-4508 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-07 | 9.3 HIGH | N/A |
| The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. | |||||
| CVE-2011-4514 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-06 | 10.0 HIGH | N/A |
| The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. | |||||
| CVE-2011-3463 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 7.2 HIGH | N/A |
| WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory. | |||||
| CVE-2011-4214 | 1 Oneorzero | 1 Aims | 2012-01-27 | 10.0 HIGH | N/A |
| OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie. | |||||
| CVE-2011-4644 | 1 Splunk | 1 Splunk | 2012-01-26 | 9.3 HIGH | N/A |
| Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. | |||||
| CVE-2011-2176 | 1 Gnome | 1 Networkmanager | 2012-01-19 | 2.1 LOW | N/A |
| GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. | |||||
| CVE-2011-3372 | 1 Cyrus | 1 Imapd | 2011-12-26 | 7.5 HIGH | N/A |
| imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. | |||||
| CVE-2011-4860 | 1 Schneider-electric | 3 Quantum Ethernet Module 140noe77100, Quantum Ethernet Module 140noe77101, Quantum Ethernet Module 140noe77111 | 2011-12-19 | 10.0 HIGH | N/A |
| The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message. | |||||
| CVE-2011-4051 | 1 Indusoft | 1 Web Studio | 2011-12-08 | 10.0 HIGH | N/A |
| CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control. | |||||
| CVE-2011-4677 | 1 Oneclickorgs | 1 One Click Orgs | 2011-12-06 | 7.5 HIGH | N/A |
| One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||