Export limit exceeded: 365162 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (4546 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4808 1 Graugon 1 Php Article Publisher 2025-04-11 N/A
admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1.
CVE-2009-4821 1 Dlink 1 Dir-615 2025-04-11 N/A
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.
CVE-2010-1022 2 Marcus Krause, Typo3 2 T3sec Saltedpw, Typo3 2025-04-11 N/A
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
CVE-2010-1040 1 Tejimaya 1 Openpne 2025-04-11 N/A
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
CVE-2010-1454 1 Vmware 1 Tc Server 2025-04-11 N/A
com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.
CVE-2010-2940 1 Fedoraproject 1 Sssd 2025-04-11 N/A
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
CVE-2010-4488 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2011-0380 1 Cisco 1 Telepresence Manager 2025-04-11 N/A
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562.
CVE-2011-0383 1 Cisco 4 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software, Telepresence Recording Server and 1 more 2025-04-11 N/A
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.
CVE-2011-0453 1 F-secure 1 Internet Gatekeeper 2025-04-11 N/A
F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port.
CVE-2011-1674 1 Netgear 2 Prosafe Wnap210, Prosafe Wnap210 Firmware 2025-04-11 N/A
The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php.
CVE-2011-2155 1 Smartertools 1 Smarterstats 2025-04-11 N/A
Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation.
CVE-2011-2361 1 Google 1 Chrome 2025-04-11 N/A
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.
CVE-2011-3997 1 Opengear 7 Acm5000 Console Server, Cm4000 Console Server, Im4004-5 Console Server and 4 more 2025-04-11 N/A
Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors.
CVE-2011-4022 1 Cisco 1 Intrusion Prevention System 2025-04-11 N/A
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204.
CVE-2012-0240 1 Advantech 1 Advantech Webaccess 2025-04-11 N/A
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-0931 1 Schneider-electric 1 Modicon Quantum Plc 2025-04-11 9.8 Critical
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
CVE-2012-0944 2 Canonical, Sebastian Heinlein 2 Ubuntu Linux, Aptdaemon 2025-04-11 N/A
Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.
CVE-2012-2285 1 Emc 2 Cloud Tiering Appliance, Cloud Tiering Appliance Virtual Edition 2025-04-11 N/A
EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase.
CVE-2012-2287 2 Emc, Microsoft 4 Rsa Authentication Agent, Rsa Authentication Client, Windows Server 2003 and 1 more 2025-04-11 N/A
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.