Total
3293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1269 | 1 Alice | 1 Gate2 Plus Wi-fi | 2018-10-11 | 7.1 HIGH | N/A |
| cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request. | |||||
| CVE-2008-1264 | 1 Linksys | 1 Wrt54g | 2018-10-11 | 7.5 HIGH | N/A |
| The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. | |||||
| CVE-2008-1244 | 1 Belkin | 1 F5d7230-4 | 2018-10-11 | 10.0 HIGH | N/A |
| cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected. | |||||
| CVE-2008-1262 | 1 Airspan | 1 Wimax Prost | 2018-10-11 | 10.0 HIGH | N/A |
| The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/. | |||||
| CVE-2008-1259 | 1 Zyxel | 1 P-2602hw-d1a | 2018-10-11 | 9.3 HIGH | N/A |
| The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes. | |||||
| CVE-2008-1134 | 1 Omegasoft | 1 Interneserviceslosungen | 2018-10-11 | 6.4 MEDIUM | N/A |
| OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie. | |||||
| CVE-2008-1106 | 2 Akamai Technologies, Red Swoosh | 2 Client, Client | 2018-10-11 | 7.1 HIGH | N/A |
| The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. | |||||
| CVE-2018-2449 | 1 Sap | 1 Supplier Relationship Management Mdm Catalog | 2018-10-11 | 7.5 HIGH | 8.6 HIGH |
| SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying. | |||||
| CVE-2018-7069 | 1 Hp | 1 Centralview Fraud Risk Management | 2018-10-10 | 5.0 MEDIUM | 7.5 HIGH |
| HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2010-4332 | 1 Pangramsoft | 1 Pointter Php Content Management System | 2018-10-10 | 7.5 HIGH | N/A |
| Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | |||||
| CVE-2010-4333 | 1 Pangramsoft | 1 Pointter Php Micro-blogging Social Network | 2018-10-10 | 7.5 HIGH | N/A |
| Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | |||||
| CVE-2010-4573 | 1 Vmware | 1 Esxi | 2018-10-10 | 9.3 HIGH | N/A |
| The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password. | |||||
| CVE-2010-4232 | 2 Camtron, Tecvoz | 4 Cmnc-200, Cmnc-200 Firmware, Cmnc-200 and 1 more | 2018-10-10 | 10.0 HIGH | N/A |
| The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI. | |||||
| CVE-2010-4279 | 1 Artica | 1 Pandora Fms | 2018-10-10 | 10.0 HIGH | N/A |
| The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter. | |||||
| CVE-2010-3896 | 1 Ibm | 1 Omnifind | 2018-10-10 | 7.5 HIGH | N/A |
| The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. | |||||
| CVE-2010-2668 | 1 Adaptivedisplays | 2 Alpha Ethernet Adapter Ii, Alpha Ethernet Adapter Ii Web Manager | 2018-10-10 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors. | |||||
| CVE-2010-1910 | 1 Consona | 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance | 2018-10-10 | 5.1 MEDIUM | N/A |
| The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields. | |||||
| CVE-2010-1454 | 1 Vmware | 1 Tc Server | 2018-10-10 | 6.8 MEDIUM | N/A |
| com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password. | |||||
| CVE-2010-1222 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2018-10-10 | 5.0 MEDIUM | N/A |
| CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request. | |||||
| CVE-2010-1221 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2018-10-10 | 5.0 MEDIUM | N/A |
| CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request. | |||||