Search Results (4544 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-0209 1 Sixapart 1 Movable Type 2025-04-11 N/A
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
CVE-2012-0240 1 Advantech 1 Advantech Webaccess 2025-04-11 N/A
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-6347 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2007-6737 1 G.rodola 1 Pyftpdlib 2025-04-11 N/A
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2010-0447 1 Hp 1 Openview Performance Insight 2025-04-11 N/A
The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.
CVE-2010-0498 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.
CVE-2013-1155 1 Cisco 1 Firewall Services Module Software 2025-04-11 N/A
The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(20.1), 4.0 before 4.0(15.2), and 4.1 before 4.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCtg02624.
CVE-2013-1134 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.
CVE-2013-1080 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
CVE-2013-4001 1 Ibm 1 Cognos Command Center 2025-04-11 N/A
Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie.
CVE-2011-4677 1 Oneclickorgs 1 One Click Orgs 2025-04-11 N/A
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVE-2012-2498 1 Cisco 1 Anyconnect Secure Mobility Client 2025-04-11 N/A
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.
CVE-2014-0739 1 Cisco 1 Adaptive Security Appliance Software 2025-04-11 N/A
Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.
CVE-2012-3424 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more 5 1, Openshift, 1.1 and 2 more 2025-04-11 N/A
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method.
CVE-2013-1865 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Folsom, Openstack 2025-04-11 N/A
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
CVE-2014-0738 1 Cisco 1 Adaptive Security Appliance Software 2025-04-11 N/A
The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770.
CVE-2012-5633 2 Apache, Redhat 7 Cxf, Fuse Esb Enterprise, Jboss Enterprise Application Platform and 4 more 2025-04-11 N/A
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
CVE-2013-0578 1 Ibm 2 Sterling Multi-channel Fulfillment Solution, Sterling Selling And Fulfillment Foundation 2025-04-11 N/A
The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI.
CVE-2009-4808 1 Graugon 1 Php Article Publisher 2025-04-11 N/A
admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1.
CVE-2013-3613 1 Dahuasecurity 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more 2025-04-11 N/A
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.