Export limit exceeded: 349343 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11617 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11617 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3852 | 1 Redhat | 2 Conga, Luci | 2025-04-11 | N/A |
| The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. | ||||
| CVE-2010-4690 | 1 Cisco | 3 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 | 2025-04-11 | N/A |
| The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635. | ||||
| CVE-2013-3039 | 1 Ibm | 1 Rational Requirements Composer | 2025-04-11 | N/A |
| IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. | ||||
| CVE-2011-0453 | 1 F-secure | 1 Internet Gatekeeper | 2025-04-11 | N/A |
| F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port. | ||||
| CVE-2011-1409 | 1 Ulli Horlacher | 1 Fex | 2025-04-11 | N/A |
| Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID. | ||||
| CVE-2011-1411 | 1 Shibboleth | 2 Opensaml, Shibboleth-identity-provider | 2025-04-11 | N/A |
| Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | ||||
| CVE-2011-2014 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | N/A |
| The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability." | ||||
| CVE-2012-5633 | 2 Apache, Redhat | 7 Cxf, Fuse Esb Enterprise, Jboss Enterprise Application Platform and 4 more | 2025-04-11 | N/A |
| The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. | ||||
| CVE-2011-2155 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | N/A |
| Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation. | ||||
| CVE-2011-2176 | 2 Gnome, Redhat | 2 Networkmanager, Enterprise Linux | 2025-04-11 | N/A |
| GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. | ||||
| CVE-2013-3060 | 2 Apache, Redhat | 3 Activemq, Fuse Message Broker, Fuse Mq Enterprise | 2025-04-11 | N/A |
| The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. | ||||
| CVE-2013-4874 | 1 Verizon | 1 Wireless Network Extender | 2025-04-11 | N/A |
| The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. | ||||
| CVE-2011-3297 | 1 Cisco | 3 Catalyst 6500, Catalyst 7600, Firewall Services Module Software | 2025-04-11 | N/A |
| Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697. | ||||
| CVE-2011-3372 | 2 Cyrus, Redhat | 2 Imapd, Enterprise Linux | 2025-04-11 | N/A |
| imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. | ||||
| CVE-2011-3997 | 1 Opengear | 7 Acm5000 Console Server, Cm4000 Console Server, Im4004-5 Console Server and 4 more | 2025-04-11 | N/A |
| Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors. | ||||
| CVE-2011-4022 | 1 Cisco | 1 Intrusion Prevention System | 2025-04-11 | N/A |
| The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204. | ||||
| CVE-2013-2067 | 2 Apache, Redhat | 5 Tomcat, Enterprise Linux, Jboss Enterprise Application Platform and 2 more | 2025-04-11 | N/A |
| java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. | ||||
| CVE-2011-4214 | 1 Oneorzero | 1 Aims | 2025-04-11 | N/A |
| OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie. | ||||
| CVE-2010-4478 | 1 Openbsd | 1 Openssh | 2025-04-11 | N/A |
| OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. | ||||
| CVE-2011-5053 | 1 Wi-fi | 1 Wifi Protected Setup Protocol | 2025-04-11 | N/A |
| The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages. | ||||