Total
4198 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-0537 | 1 Cisco | 1 Ios | 2025-04-03 | N/A |
| HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. | ||||
| CVE-2006-2369 | 1 Vnc | 1 Realvnc | 2025-04-03 | N/A |
| RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password. | ||||
| CVE-2005-1020 | 1 Cisco | 1 Ios | 2025-04-03 | N/A |
| Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | ||||
| CVE-2003-1475 | 1 Netbus | 1 Netbus | 2025-04-03 | N/A |
| Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access. | ||||
| CVE-2006-1228 | 1 Drupal | 1 Drupal | 2025-04-03 | N/A |
| Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier. | ||||
| CVE-2002-2417 | 1 Acftp | 1 Acftp | 2025-04-03 | N/A |
| acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges. | ||||
| CVE-1999-0680 | 1 Microsoft | 1 Terminal Server | 2025-04-03 | N/A |
| Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. | ||||
| CVE-1999-0987 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | N/A |
| Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. | ||||
| CVE-2003-1489 | 1 Truegalerie | 1 Truegalerie | 2025-04-03 | N/A |
| upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery. | ||||
| CVE-2004-2736 | 1 Polar Software | 1 Helpdesk | 2025-04-03 | N/A |
| Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie. | ||||
| CVE-2002-2397 | 1 Symantec | 1 Sygate Personal Firewall | 2025-04-03 | N/A |
| Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | ||||
| CVE-2002-0563 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2025-04-03 | N/A |
| The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes. | ||||
| CVE-2003-0216 | 1 Cisco | 1 Catos | 2025-04-03 | N/A |
| Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | ||||
| CVE-1999-0366 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | N/A |
| In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. | ||||
| CVE-2006-0633 | 1 Invisionpower | 1 Invision Power Board | 2025-04-03 | N/A |
| The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests. | ||||
| CVE-2004-2724 | 1 Lionmax Software | 1 Chat Anywhere | 2025-04-03 | N/A |
| LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character. | ||||
| CVE-2002-2279 | 1 Aldap | 1 Aldap | 2025-04-03 | N/A |
| Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions. | ||||
| CVE-2003-1433 | 1 Epic Games | 1 Unreal Engine | 2025-04-03 | N/A |
| Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times. | ||||
| CVE-2003-1343 | 1 Trend Micro | 1 Scanmail | 2025-04-03 | N/A |
| Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". | ||||
| CVE-2005-1957 | 1 Adam Mmedici | 1 File Upload Manager | 2025-04-03 | N/A |
| mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action. | ||||