Total
3408 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3997 | 1 Opengear | 7 Acm5000 Console Server, Cm4000 Console Server, Im4004-5 Console Server and 4 more | 2011-11-16 | 7.5 HIGH | N/A |
| Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors. | |||||
| CVE-2009-5083 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2011-08-12 | 6.8 MEDIUM | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2011-2963 | 1 Progea | 1 Movicon | 2011-08-01 | 10.0 HIGH | N/A |
| TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651. | |||||
| CVE-2011-2956 | 1 Azeotech | 1 Daqfactory | 2011-07-29 | 7.8 HIGH | N/A |
| AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal. | |||||
| CVE-2008-1469 | 1 Gallarific | 1 Gallarific | 2011-07-25 | 6.4 MEDIUM | N/A |
| Gallarific Free Edition 1.1 does not require authentication for (1) photos.php, (2) comments.php, and (3) gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0640 | 1 Symantec | 1 Ghost Solutions Suite | 2011-07-25 | 10.0 HIGH | N/A |
| Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing. | |||||
| CVE-2011-2756 | 1 Manageengine | 1 Servicedesk Plus | 2011-07-19 | 5.0 MEDIUM | N/A |
| FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors. | |||||
| CVE-2011-2758 | 1 Ibm | 1 Tivoli Directory Server | 2011-07-19 | 5.0 MEDIUM | N/A |
| IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL. | |||||
| CVE-2011-1766 | 1 Mediawiki | 1 Mediawiki | 2011-06-16 | 5.8 MEDIUM | N/A |
| includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation. | |||||
| CVE-2011-1901 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2011-05-31 | 7.5 HIGH | N/A |
| The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2011-1561 | 1 Ibm | 1 Aix | 2011-04-05 | 6.8 MEDIUM | N/A |
| The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password. | |||||
| CVE-2011-0453 | 1 F-secure | 1 Internet Gatekeeper | 2011-03-11 | 5.0 MEDIUM | N/A |
| F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port. | |||||
| CVE-2009-0492 | 1 Simpleircbot | 1 Simpleircbot | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability." | |||||
| CVE-2009-0138 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 10.0 HIGH | N/A |
| servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration. | |||||
| CVE-2008-5686 | 1 Ibm | 1 Tivoli Provisioning Manager | 2011-03-08 | 8.5 HIGH | N/A |
| IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows. | |||||
| CVE-2008-4223 | 1 Apple | 1 Mac Os X Server | 2011-03-08 | 10.0 HIGH | N/A |
| Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. | |||||
| CVE-2008-1130 | 1 Ibm | 1 Websphere Mq | 2011-03-08 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel. | |||||
| CVE-2008-0895 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 6.4 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers. | |||||
| CVE-2007-6130 | 1 Gnu | 1 Gnump3d | 2011-03-08 | 5.0 MEDIUM | N/A |
| gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2007-5862 | 1 Apple | 1 Mac Os X | 2011-03-08 | 9.4 HIGH | N/A |
| Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | |||||