Total
3408 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5797 | 1 Apache | 1 Geronimo | 2011-03-08 | 7.5 HIGH | N/A |
| SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. | |||||
| CVE-2007-5391 | 1 Hp | 1 Select Identity | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors. | |||||
| CVE-2006-6705 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors. | |||||
| CVE-2011-0920 | 1 Ibm | 1 Lotus Domino | 2011-02-14 | 9.3 HIGH | N/A |
| The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS. | |||||
| CVE-2010-1838 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-01-12 | 4.4 MEDIUM | N/A |
| Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name. | |||||
| CVE-2010-4591 | 1 Ibm | 1 Lotus Mobile Connect | 2011-01-11 | 4.4 MEDIUM | N/A |
| The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch. | |||||
| CVE-2010-1097 | 1 Dedecms | 1 Dedecms | 2010-12-14 | 6.8 MEDIUM | N/A |
| include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php. | |||||
| CVE-2010-3868 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2010-11-18 | 5.8 MEDIUM | N/A |
| Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component. | |||||
| CVE-2008-7263 | 1 G.rodola | 1 Pyftpdlib | 2010-10-20 | 7.5 HIGH | N/A |
| ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2007-6737 | 1 G.rodola | 1 Pyftpdlib | 2010-10-20 | 7.5 HIGH | N/A |
| FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2010-3739 | 1 Ibm | 1 Db2 Universal Database | 2010-10-06 | 6.4 MEDIUM | N/A |
| The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. | |||||
| CVE-2010-3091 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2010-09-30 | 5.0 MEDIUM | N/A |
| The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | |||||
| CVE-2010-3686 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2010-09-30 | 5.0 MEDIUM | N/A |
| The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | |||||
| CVE-2010-3685 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2010-09-30 | 5.0 MEDIUM | N/A |
| The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | |||||
| CVE-2010-3471 | 1 Ibm | 1 Filenet P8 Application Engine | 2010-09-21 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2010-2149 | 1 Fujitsu | 1 E-pares | 2010-09-21 | 4.0 MEDIUM | N/A |
| Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2010-1802 | 1 Apple | 3 Libsecurity, Mac Os X, Mac Os X Server | 2010-08-26 | 6.4 MEDIUM | N/A |
| libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com. | |||||
| CVE-2010-2944 | 1 Jens Vagelpohl | 1 Zope-ldapuserfolder | 2010-08-23 | 7.5 HIGH | N/A |
| The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges. | |||||
| CVE-2010-0834 | 2 Dell, Ubuntu | 2 Latitude 2110 Netbook, Ubuntu Linux | 2010-08-10 | 9.3 HIGH | N/A |
| The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. | |||||
| CVE-2009-4830 | 1 Openx | 1 Openx | 2010-07-30 | 7.5 HIGH | N/A |
| Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files. | |||||