Total
3293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4929 | 1 Sweetphp | 1 Totalcalender | 2017-09-19 | 7.5 HIGH | N/A |
| admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters. | |||||
| CVE-2009-2231 | 1 Mid.as | 1 Midas | 2017-09-19 | 7.5 HIGH | N/A |
| MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie. | |||||
| CVE-2009-3423 | 1 Zenas | 1 Paolink | 2017-09-19 | 6.8 MEDIUM | N/A |
| login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. | |||||
| CVE-2009-2255 | 1 Zen-cart | 1 Zen Cart | 2017-09-19 | 6.8 MEDIUM | N/A |
| Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/. | |||||
| CVE-2009-2697 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2017-09-19 | 6.8 MEDIUM | N/A |
| The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | |||||
| CVE-2009-3158 | 1 Carsten Wulff | 1 Simplephpweb | 2017-09-19 | 7.5 HIGH | N/A |
| admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2328 | 1 Max Kervin | 1 Kervinet Forum | 2017-09-19 | 7.5 HIGH | N/A |
| admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter. | |||||
| CVE-2009-2233 | 1 Awscripts | 1 Gallery Search Engine | 2017-09-19 | 7.5 HIGH | N/A |
| The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1. | |||||
| CVE-2009-2642 | 1 Desiscripts | 1 Desi Short Url Script | 2017-09-19 | 7.5 HIGH | N/A |
| index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13. | |||||
| CVE-2009-3966 | 1 Arcadetradescript | 1 Arcade Trade Script | 2017-09-19 | 7.5 HIGH | N/A |
| Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true. | |||||
| CVE-2009-3422 | 1 Zenas | 1 Paoliber | 2017-09-19 | 6.8 MEDIUM | N/A |
| login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. | |||||
| CVE-2017-1520 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2017-09-15 | 4.3 MEDIUM | 3.7 LOW |
| IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. | |||||
| CVE-2017-14117 | 2 Att, Commscope | 3 U-verse Firmware, Arris Nvg589, Arris Nvg599 | 2017-09-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. | |||||
| CVE-2015-6401 | 1 Cisco | 1 Epc3928 Docsis 3.0 8x4 Wireless Residential Gateway With Embedded Digital Voice Adapter | 2017-09-13 | 7.5 HIGH | N/A |
| Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941. | |||||
| CVE-2015-1401 | 1 Ldap \/ Sso Authentication Project | 1 Ldap \/ Sso Authentication | 2017-09-08 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. | |||||
| CVE-2015-8332 | 1 Huawei | 4 Vcm5010, Vcm5010 Firmware, Vcm5020 and 1 more | 2017-09-08 | 6.5 MEDIUM | 8.8 HIGH |
| Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability." | |||||
| CVE-2014-8472 | 1 Ca | 1 Cloud Service Management | 2017-09-08 | 6.8 MEDIUM | N/A |
| CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2014-8896 | 1 Ibm | 2 Infosphere Master Data Management Collaborative Server, Infosphere Master Data Management Server For Product Information Management | 2017-09-08 | 4.0 MEDIUM | N/A |
| The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors. | |||||
| CVE-2014-6116 | 1 Ibm | 1 Websphere Mq | 2017-09-08 | 4.3 MEDIUM | N/A |
| The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration. | |||||
| CVE-2014-6379 | 1 Juniper | 1 Junos | 2017-09-08 | 7.5 HIGH | N/A |
| Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when a RADIUS accounting server is configured as [system accounting destination radius], creates an entry in /var/etc/pam_radius.conf, which might allow remote attackers to bypass authentication via unspecified vectors. | |||||