Total: 3293 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5791 | 1 Jantek | 2 Jtc-200, Jtc-200 Firmware | 2017-11-03 | 10.0 HIGH | 9.8 CRITICAL |
An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication. | |||||
CVE-2017-5152 | 1 Advantech | 1 Webaccess | 2017-11-03 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). | |||||
CVE-2017-1222 | 1 Ibm | 1 Bigfix Platform | 2017-10-31 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862. | |||||
CVE-2016-8937 | 1 Ibm | 1 Tivoli Storage Manager | 2017-10-25 | 5.0 MEDIUM | 9.8 CRITICAL |
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750. | |||||
CVE-2008-3318 | 1 Maian | 1 Weblog | 2017-10-19 | 7.5 HIGH | N/A |
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. | |||||
CVE-2008-3203 | 1 Auracms | 1 Auracms | 2017-10-19 | 7.5 HIGH | N/A |
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter. | |||||
CVE-2008-3320 | 1 Maian | 1 Guestbook | 2017-10-19 | 7.5 HIGH | N/A |
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. | |||||
CVE-2008-3321 | 1 Maian Script World | 1 Maian Uploader | 2017-10-19 | 7.5 HIGH | N/A |
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. | |||||
CVE-2008-5967 | 1 Phpicalendar | 1 Phpicalendar | 2017-10-19 | 7.5 HIGH | N/A |
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root. | |||||
CVE-2009-0461 | 1 Wholehogsoftware | 1 Password Protect | 2017-10-19 | 7.5 HIGH | N/A |
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | |||||
CVE-2008-2269 | 1 Kevin Ludlow | 1 Austinsmoke Gastracker | 2017-10-19 | 7.5 HIGH | N/A |
AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE. | |||||
CVE-2009-0460 | 1 Wholehogsoftware | 1 Ware Support | 2017-10-19 | 7.5 HIGH | N/A |
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie. | |||||
CVE-2008-3319 | 1 Maian | 1 Links | 2017-10-19 | 7.5 HIGH | N/A |
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. | |||||
CVE-2008-3322 | 1 Maian | 1 Recipe | 2017-10-19 | 7.5 HIGH | N/A |
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. | |||||
CVE-2007-1859 | 2 Redhat, Xscreensaver | 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more | 2017-10-11 | 4.6 MEDIUM | N/A |
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication. | |||||
CVE-2007-1480 | 1 Creative Guestbook | 1 Creative Guestbook | 2017-10-11 | 7.5 HIGH | N/A |
Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set. | |||||
CVE-2005-1020 | 1 Cisco | 1 Ios | 2017-10-11 | 7.1 HIGH | N/A |
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | |||||
CVE-2017-14766 | 1 Saadamin | 1 Simple Student Result | 2017-10-10 | 6.4 MEDIUM | 7.5 HIGH |
The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number. | |||||
CVE-2017-5192 | 1 Saltstack | 1 Salt | 2017-10-06 | 6.5 MEDIUM | 8.8 HIGH |
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. | |||||
CVE-2017-14706 | 1 Denyall | 2 I-suite, Web Application Firewall | 2017-10-05 | 7.5 HIGH | 9.8 CRITICAL |
DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. | |||||