Export limit exceeded: 12763 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12763 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-0380 1 Cisco 1 Telepresence Manager 2025-04-11 N/A
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562.
CVE-2011-0383 1 Cisco 4 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software, Telepresence Recording Server and 1 more 2025-04-11 N/A
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.
CVE-2013-0935 1 Emc 1 Smarts Network Configuration Manager 2025-04-11 N/A
EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-4456 2 Openstack, Redhat 2 Keystone, Openstack 2025-04-11 N/A
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.
CVE-2012-4446 2 Apache, Redhat 2 Qpid, Enterprise Mrg 2025-04-11 N/A
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
CVE-2012-4411 1 Xen 1 Xen 2025-04-11 N/A
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.
CVE-2011-1472 1 Nokia 2 E75, E75 Firmware 2025-04-11 N/A
The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time.
CVE-2012-4392 1 Owncloud 1 Owncloud Server 2025-04-11 N/A
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.
CVE-2013-2245 1 Moodle 1 Moodle 2025-04-11 N/A
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.
CVE-2011-1674 1 Netgear 2 Prosafe Wnap210, Prosafe Wnap210 Firmware 2025-04-11 N/A
The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php.
CVE-2011-2907 1 Clusterresources 1 Torque Resource Manager 2025-04-11 N/A
Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program.
CVE-2012-2281 1 Rsa 2 Access Manager Agent, Access Manager Server 2025-04-11 N/A
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors.
CVE-2012-3473 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.
CVE-2012-3472 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.
CVE-2010-4332 1 Pangramsoft 1 Pointter Php Content Management System 2025-04-11 N/A
Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
CVE-2007-6737 1 G.rodola 1 Pyftpdlib 2025-04-11 N/A
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2012-2626 1 Sonicwall 1 Scrutinizer 2025-04-11 N/A
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
CVE-2012-2388 1 Strongswan 1 Strongswan 2025-04-11 N/A
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
CVE-2010-4690 1 Cisco 3 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 2025-04-11 N/A
The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635.
CVE-2011-0279 1 Hp 1 Multifunction Peripheral Digital Sending Software 2025-04-11 N/A
HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication.