Total
4107 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6737 | 1 G.rodola | 1 Pyftpdlib | 2025-04-11 | N/A |
| FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2011-0718 | 1 Redhat | 2 Network Satellite, Network Satellite Server | 2025-04-11 | N/A |
| Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks. | ||||
| CVE-2010-4488 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | ||||
| CVE-2010-4481 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2011-0453 | 1 F-secure | 1 Internet Gatekeeper | 2025-04-11 | N/A |
| F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port. | ||||
| CVE-2010-4332 | 1 Pangramsoft | 1 Pointter Php Content Management System | 2025-04-11 | N/A |
| Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | ||||
| CVE-2012-4456 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-11 | N/A |
| The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services. | ||||
| CVE-2011-1025 | 2 Openldap, Redhat | 2 Openldap, Enterprise Linux | 2025-04-11 | N/A |
| bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password. | ||||
| CVE-2011-2176 | 2 Gnome, Redhat | 2 Networkmanager, Enterprise Linux | 2025-04-11 | N/A |
| GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. | ||||
| CVE-2012-0335 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2025-04-11 | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746. | ||||
| CVE-2012-4078 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | N/A |
| The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656. | ||||
| CVE-2013-3268 | 1 Novell | 1 Imanager | 2025-04-11 | N/A |
| Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. | ||||
| CVE-2010-4211 | 2 Apple, Ebay | 2 Iphone Os, Paypal | 2025-04-11 | N/A |
| The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | ||||
| CVE-2008-4389 | 1 Symantec | 2 Appstream, Workspace Streaming | 2025-04-11 | N/A |
| Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors. | ||||
| CVE-2012-4446 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2025-04-11 | N/A |
| The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request. | ||||
| CVE-2010-4591 | 1 Ibm | 1 Lotus Mobile Connect | 2025-04-11 | N/A |
| The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch. | ||||
| CVE-2010-3685 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2025-04-11 | N/A |
| The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | ||||
| CVE-2013-6920 | 1 Siemens | 14 Sinamics G110, Sinamics G110d, Sinamics G120 and 11 more | 2025-04-11 | N/A |
| Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. | ||||
| CVE-2010-2944 | 1 Jens Vagelpohl | 1 Zope-ldapuserfolder | 2025-04-11 | N/A |
| The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges. | ||||
| CVE-2010-4690 | 1 Cisco | 3 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 | 2025-04-11 | N/A |
| The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635. | ||||