Export limit exceeded: 365158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (4546 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-3577 1 Ibm 1 Websphere Commerce 2025-04-11 N/A
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
CVE-2013-4782 1 Supermicro 1 Bmc 2025-04-11 N/A
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
CVE-2011-0039 1 Microsoft 2 Windows 2003 Server, Windows Xp 2025-04-11 N/A
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
CVE-2010-2149 1 Fujitsu 1 E-pares 2025-04-11 N/A
Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2012-2983 1 Gentoo 1 Webmin 2025-04-11 N/A
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
CVE-2011-3478 1 Symantec 1 Pcanywhere 2025-04-11 N/A
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
CVE-2011-3463 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.
CVE-2013-1200 1 Cisco 1 Secure Access Control System 2025-04-11 N/A
Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787.
CVE-2013-6171 1 Dovecot 1 Dovecot 2025-04-11 N/A
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
CVE-2011-0688 1 Symantec 3 Antivirus, Antivirus Central Quarantine Server, System Center 2025-04-11 N/A
Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information.
CVE-2011-4860 1 Schneider-electric 3 Quantum Ethernet Module 140noe77100, Quantum Ethernet Module 140noe77101, Quantum Ethernet Module 140noe77111 2025-04-11 N/A
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message.
CVE-2010-0447 1 Hp 1 Openview Performance Insight 2025-04-11 N/A
The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.
CVE-2011-0384 1 Cisco 2 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software 2025-04-11 N/A
The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.
CVE-2010-4333 1 Pangramsoft 1 Pointter Php Micro-blogging Social Network 2025-04-11 N/A
Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
CVE-2010-3905 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.
CVE-2012-5940 1 Ibm 1 Netezza 2025-04-11 N/A
The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process.
CVE-2013-4304 2 Brion Vibber, Mediawiki 2 Centralauth Extension, Mediawiki 2025-04-11 N/A
The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password.
CVE-2013-5531 1 Cisco 1 Identity Services Engine Software 2025-04-11 N/A
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.
CVE-2010-3471 1 Ibm 1 Filenet P8 Application Engine 2025-04-11 N/A
Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2013-5510 1 Cisco 1 Adaptive Security Appliance Software 2025-04-11 N/A
The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.5), when an override-account-disable option is enabled, does not properly parse AAA LDAP responses, which allows remote attackers to bypass authentication via a VPN connection attempt, aka Bug ID CSCug83401.