Search Results (4545 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6159 1 Huawei 2 Ws331a Router, Ws331a Router Firmware 2025-04-12 N/A
The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface.
CVE-2016-3094 1 Apache 1 Qpid Broker-j 2025-04-12 5.9 Medium
PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.
CVE-2015-3143 6 Apple, Canonical, Debian and 3 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2025-04-12 N/A
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
CVE-2014-9184 1 Zte 1 Zxdsl 2025-04-12 N/A
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.
CVE-2014-9278 2 Openbsd, Redhat 3 Openssh, Enterprise Linux, Fedora 2025-04-12 N/A
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
CVE-2014-9217 1 Torch Gmbh 1 Graylog2 2025-04-12 N/A
Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards.
CVE-2014-2828 2 Openstack, Redhat 2 Keystone, Openstack 2025-04-12 N/A
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
CVE-2014-9045 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.
CVE-2014-6387 1 Mantisbt 1 Mantisbt 2025-04-12 N/A
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.
CVE-2014-8472 1 Ca 1 Cloud Service Management 2025-04-12 N/A
CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2014-0643 1 Emc 2 Rsa Netwitness, Rsa Security Analytics 2025-04-12 N/A
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.
CVE-2014-0138 3 Debian, Haxx, Redhat 4 Debian Linux, Curl, Libcurl and 1 more 2025-04-12 N/A
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
CVE-2014-0132 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2025-04-12 N/A
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
CVE-2015-0607 1 Cisco 1 Ios 2025-04-12 N/A
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.
CVE-2013-7302 2 Drupal, Ubercart 2 Drupal, Ubercart 2025-04-12 N/A
Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.
CVE-2014-4168 1 Kryo 1 Iodine 2025-04-12 N/A
(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering.
CVE-2013-4594 1 Payment For Webform Project 1 Payment For Webform 2025-04-12 N/A
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.
CVE-2014-1911 1 Foscam 2 Fi8919w, Fi8919w Firmware 2025-04-12 N/A
The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password.
CVE-2016-0763 4 Apache, Canonical, Debian and 1 more 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more 2025-04-12 N/A
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
CVE-2016-0755 3 Canonical, Debian, Haxx 3 Ubuntu Linux, Debian Linux, Curl 2025-04-12 N/A
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.