Export limit exceeded: 12767 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12767 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4821 1 Dlink 1 Dir-615 2025-04-11 N/A
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.
CVE-2013-4731 1 Choice-wireless 1 Wixfmr-111 2025-04-11 N/A
ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tag_ipPing request, a different vulnerability than CVE-2013-3581.
CVE-2010-1022 2 Marcus Krause, Typo3 2 T3sec Saltedpw, Typo3 2025-04-11 N/A
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
CVE-2011-1472 1 Nokia 2 E75, E75 Firmware 2025-04-11 N/A
The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time.
CVE-2010-0833 1 Likewise 2 Likewise Cifs, Likewise Open 2025-04-11 N/A
The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.
CVE-2013-2113 2 Redhat, Theforeman 2 Openstack, Foreman 2025-04-11 N/A
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
CVE-2012-0931 1 Schneider-electric 1 Modicon Quantum Plc 2025-04-11 9.8 Critical
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
CVE-2010-1040 1 Tejimaya 1 Openpne 2025-04-11 N/A
The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.
CVE-2010-1454 1 Vmware 1 Tc Server 2025-04-11 N/A
com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.
CVE-2013-3586 1 Samsung 2 Dvr, Smart Viewer 2025-04-11 N/A
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.
CVE-2012-3473 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.
CVE-2010-0550 1 Geopp 1 Geo\+\+ Gncaster 2025-04-11 N/A
admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy.
CVE-2012-4392 1 Owncloud 1 Owncloud Server 2025-04-11 N/A
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.
CVE-2009-4806 1 Digitalinterchange 1 Digital Interchange Document Library 2025-04-11 N/A
admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2012-3472 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.
CVE-2010-1910 1 Consona 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance 2025-04-11 N/A
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.
CVE-2009-4801 1 Will Kraft 1 Ez-blog 2025-04-11 N/A
EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts.
CVE-2012-0944 2 Canonical, Sebastian Heinlein 2 Ubuntu Linux, Aptdaemon 2025-04-11 N/A
Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.
CVE-2010-0834 2 Dell, Ubuntu 2 Latitude 2110 Netbook, Ubuntu Linux 2025-04-11 N/A
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.
CVE-2012-4411 1 Xen 1 Xen 2025-04-11 N/A
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.