Total
4062 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-0335 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2025-04-11 | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746. | ||||
| CVE-2011-0383 | 1 Cisco | 4 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software, Telepresence Recording Server and 1 more | 2025-04-11 | N/A |
| The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008. | ||||
| CVE-2011-3298 | 1 Cisco | 6 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 and 3 more | 2025-04-11 | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before 8.2(5), 8.3 before 8.3(2.18), 8.4 before 8.4(1.10), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to bypass authentication via a crafted TACACS+ reply, aka Bug IDs CSCto40365 and CSCto74274. | ||||
| CVE-2011-2925 | 1 Redhat | 1 Enterprise Mrg | 2025-04-11 | N/A |
| Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker. | ||||
| CVE-2011-2766 | 2 Debian, Fast Cgi Project | 2 Debian Linux, Fast Cgi | 2025-04-11 | N/A |
| The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. | ||||
| CVE-2011-2758 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | N/A |
| IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL. | ||||
| CVE-2013-0578 | 1 Ibm | 2 Sterling Multi-channel Fulfillment Solution, Sterling Selling And Fulfillment Foundation | 2025-04-11 | N/A |
| The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI. | ||||
| CVE-2012-4613 | 1 Emc | 1 Rsa Data Protection Manager Appliance | 2025-04-11 | N/A |
| EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack. | ||||
| CVE-2011-2756 | 1 Manageengine | 1 Servicedesk Plus | 2025-04-11 | N/A |
| FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors. | ||||
| CVE-2011-2676 | 2 Ark-web, Six Apart | 5 A-form, A-form Bamboo, A-form Pc and 2 more | 2025-04-11 | N/A |
| The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors. | ||||
| CVE-2011-2361 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site. | ||||
| CVE-2011-2155 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | N/A |
| Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation. | ||||
| CVE-2011-1766 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | N/A |
| includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation. | ||||
| CVE-2011-1758 | 1 Fedoraproject | 1 Sssd | 2025-04-11 | N/A |
| The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname. | ||||
| CVE-2011-1674 | 1 Netgear | 2 Prosafe Wnap210, Prosafe Wnap210 Firmware | 2025-04-11 | N/A |
| The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php. | ||||
| CVE-2011-0453 | 1 F-secure | 1 Internet Gatekeeper | 2025-04-11 | N/A |
| F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port. | ||||
| CVE-2011-1561 | 1 Ibm | 1 Aix | 2025-04-11 | N/A |
| The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password. | ||||
| CVE-2011-1520 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | N/A |
| The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command. | ||||
| CVE-2011-1472 | 1 Nokia | 2 E75, E75 Firmware | 2025-04-11 | N/A |
| The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time. | ||||
| CVE-2011-1409 | 1 Ulli Horlacher | 1 Fex | 2025-04-11 | N/A |
| Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID. | ||||