Total
4021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1020 | 1 Cisco | 1 Ios | 2025-04-03 | 7.1 HIGH | N/A |
| Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | |||||
| CVE-1999-0366 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
| In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. | |||||
| CVE-2006-2224 | 1 Quagga | 1 Quagga Routing Software Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
| RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. | |||||
| CVE-2005-4006 | 1 Redgraphic | 1 Sapid Cms | 2025-04-03 | 7.5 HIGH | N/A |
| SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php. | |||||
| CVE-2003-1475 | 1 Netbus | 1 Netbus | 2025-04-03 | 6.8 MEDIUM | N/A |
| Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access. | |||||
| CVE-2003-1434 | 1 Pete Werner | 1 Login Ldap | 2025-04-03 | 6.8 MEDIUM | N/A |
| login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password. | |||||
| CVE-2006-2636 | 1 Katy Whitton | 1 Newscmslite | 2025-04-03 | 7.5 HIGH | N/A |
| newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ". | |||||
| CVE-2004-1760 | 2 Cisco, Ibm | 17 Call Manager, Conference Connection, Emergency Responder and 14 more | 2025-04-03 | 10.0 HIGH | N/A |
| The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. | |||||
| CVE-1999-0680 | 1 Microsoft | 1 Terminal Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. | |||||
| CVE-2003-1343 | 1 Trend Micro | 1 Scanmail | 2025-04-03 | 7.5 HIGH | N/A |
| Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". | |||||
| CVE-2006-2369 | 1 Vnc | 1 Realvnc | 2025-04-03 | 7.5 HIGH | N/A |
| RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password. | |||||
| CVE-2003-1433 | 1 Epic Games | 1 Unreal Engine | 2025-04-03 | 4.3 MEDIUM | N/A |
| Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times. | |||||
| CVE-2003-1442 | 1 Ericsson | 1 Hm220dp Adsl Modem | 2025-04-03 | 7.5 HIGH | N/A |
| The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side. | |||||
| CVE-2004-2734 | 1 Novell | 1 Netware | 2025-04-03 | 10.0 HIGH | N/A |
| webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. | |||||
| CVE-2005-4861 | 1 Jasio.net | 1 Ragnarok Online Control Panel | 2025-04-03 | 7.5 HIGH | N/A |
| functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function. | |||||
| CVE-2006-4244 | 1 Sql-ledger | 1 Sql-ledger | 2025-04-03 | 7.5 HIGH | N/A |
| SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value. | |||||
| CVE-2004-2182 | 1 Macromedia | 1 Jrun | 2025-04-03 | 7.5 HIGH | N/A |
| Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | |||||
| CVE-2003-0216 | 1 Cisco | 1 Catos | 2025-04-03 | 9.3 HIGH | N/A |
| Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | |||||
| CVE-2002-2397 | 1 Symantec | 1 Sygate Personal Firewall | 2025-04-03 | 10.0 HIGH | N/A |
| Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | |||||
| CVE-2006-2380 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability." | |||||