Export limit exceeded: 11482 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11482 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-1221 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2025-04-11 | N/A |
| CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request. | ||||
| CVE-2010-1191 | 1 Sahanafoundation | 1 Sahana | 2025-04-11 | N/A |
| Sahana disaster management system 0.6.2.2, and possibly other versions, allows remote attackers to bypass intended access restrictions and disable administrator authentication via a direct request to stream.php in an acl_enable_acl action to the admin module. | ||||
| CVE-2010-0834 | 2 Dell, Ubuntu | 2 Latitude 2110 Netbook, Ubuntu Linux | 2025-04-11 | N/A |
| The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. | ||||
| CVE-2010-0833 | 1 Likewise | 2 Likewise Cifs, Likewise Open | 2025-04-11 | N/A |
| The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired. | ||||
| CVE-2010-0756 | 1 Wikyblog | 1 Wikyblog | 2025-04-11 | N/A |
| Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main. | ||||
| CVE-2010-0744 | 1 Alvaro | 1 Alvaros Messenger | 2025-04-11 | N/A |
| aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate. | ||||
| CVE-2009-4987 | 1 Scripteen | 1 Free Image Hosting Script | 2025-04-11 | N/A |
| admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211. | ||||
| CVE-2009-4929 | 1 Sweetphp | 1 Totalcalender | 2025-04-11 | N/A |
| admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters. | ||||
| CVE-2009-4927 | 1 Webmobo | 1 Wbnews | 2025-04-11 | N/A |
| WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. | ||||
| CVE-2009-4909 | 1 Dootzky | 1 Oblog | 2025-04-11 | N/A |
| admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests. | ||||
| CVE-2009-4879 | 1 Novell | 1 Access Manager | 2025-04-11 | N/A |
| The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions. | ||||
| CVE-2009-4843 | 1 Toutvirtual | 1 Virtualiq | 2025-04-11 | N/A |
| ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console. | ||||
| CVE-2009-4830 | 1 Openx | 1 Openx | 2025-04-11 | N/A |
| Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files. | ||||
| CVE-2009-4821 | 1 Dlink | 1 Dir-615 | 2025-04-11 | N/A |
| The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors. | ||||
| CVE-2009-4808 | 1 Graugon | 1 Php Article Publisher | 2025-04-11 | N/A |
| admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1. | ||||
| CVE-2013-5531 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | N/A |
| Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. | ||||
| CVE-2013-5511 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-11 | N/A |
| The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authentication-certificate option, which allows remote attackers to bypass authentication via a TCP session to an ASDM interface, aka Bug ID CSCuh44815. | ||||
| CVE-2013-5510 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-11 | N/A |
| The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.5), when an override-account-disable option is enabled, does not properly parse AAA LDAP responses, which allows remote attackers to bypass authentication via a VPN connection attempt, aka Bug ID CSCug83401. | ||||
| CVE-2009-4806 | 1 Digitalinterchange | 1 Digital Interchange Document Library | 2025-04-11 | N/A |
| admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-4644 | 1 Splunk | 1 Splunk | 2025-04-11 | N/A |
| Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. | ||||