Total
4018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4333 | 1 Pangramsoft | 1 Pointter Php Micro-blogging Social Network | 2025-04-11 | 7.5 HIGH | N/A |
| Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | |||||
| CVE-2013-0540 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 3.5 LOW | N/A |
| IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session. | |||||
| CVE-2011-2676 | 2 Ark-web, Six Apart | 5 A-form, A-form Bamboo, A-form Pc and 2 more | 2025-04-11 | 5.5 MEDIUM | N/A |
| The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors. | |||||
| CVE-2011-0091 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | 6.4 MEDIUM | N/A |
| Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability." | |||||
| CVE-2013-5510 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-11 | 4.3 MEDIUM | N/A |
| The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.5), when an override-account-disable option is enabled, does not properly parse AAA LDAP responses, which allows remote attackers to bypass authentication via a VPN connection attempt, aka Bug ID CSCug83401. | |||||
| CVE-2012-3315 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request. | |||||
| CVE-2012-0335 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746. | |||||
| CVE-2010-0744 | 1 Alvaro | 1 Alvaros Messenger | 2025-04-11 | 5.8 MEDIUM | N/A |
| aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate. | |||||
| CVE-2013-2993 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | 5.8 MEDIUM | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | |||||
| CVE-2009-4808 | 1 Graugon | 1 Php Article Publisher | 2025-04-11 | 7.5 HIGH | N/A |
| admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1. | |||||
| CVE-2012-2285 | 1 Emc | 2 Cloud Tiering Appliance, Cloud Tiering Appliance Virtual Edition | 2025-04-11 | 6.8 MEDIUM | N/A |
| EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase. | |||||
| CVE-2011-4508 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. | |||||
| CVE-2012-0301 | 1 Symantec | 1 Message Filter | 2025-04-11 | 5.4 MEDIUM | N/A |
| Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2011-0392 | 1 Cisco | 2 Telepresence Recording Server, Telepresence Recording Server Software | 2025-04-11 | 7.5 HIGH | N/A |
| Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833. | |||||
| CVE-2013-6171 | 1 Dovecot | 1 Dovecot | 2025-04-11 | 5.8 MEDIUM | N/A |
| checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server. | |||||
| CVE-2012-1840 | 1 Ajaxplorer | 1 Ajaxplorer | 2025-04-11 | 7.5 HIGH | N/A |
| AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash. | |||||
| CVE-2010-4332 | 1 Pangramsoft | 1 Pointter Php Content Management System | 2025-04-11 | 7.5 HIGH | N/A |
| Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | |||||
| CVE-2012-2983 | 1 Gentoo | 1 Webmin | 2025-04-11 | 5.0 MEDIUM | N/A |
| file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. | |||||
| CVE-2013-1200 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787. | |||||
| CVE-2012-4446 | 1 Apache | 1 Qpid | 2025-04-11 | 6.8 MEDIUM | N/A |
| The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request. | |||||