Total
4198 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1602 | 1 Nextbbs | 1 Nextbbs | 2025-04-11 | N/A |
| user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1. | ||||
| CVE-2012-3002 | 2 Foscam, Wansview | 2 H.264 Hi3510\/11\/12 Ip Camera, H.264 Hi3510\/11\/12 Ip Camera | 2025-04-11 | N/A |
| The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL. | ||||
| CVE-2012-2974 | 1 Smc | 1 Smc8024l2 Switch | 2025-04-11 | N/A |
| The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. | ||||
| CVE-2012-2626 | 1 Sonicwall | 1 Scrutinizer | 2025-04-11 | N/A |
| cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action. | ||||
| CVE-2012-2606 | 1 Bradfordnetworks | 2 Network Sentry Appliance, Network Sentry Appliance Software | 2025-04-11 | N/A |
| The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack. | ||||
| CVE-2012-2437 | 1 Awcm-cms | 1 Ar Web Content Manager | 2025-04-11 | N/A |
| cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter. | ||||
| CVE-2012-2281 | 1 Rsa | 2 Access Manager Agent, Access Manager Server | 2025-04-11 | N/A |
| EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors. | ||||
| CVE-2011-2762 | 1 Lifesize | 2 Lifesize Room Appliance, Lifesize Room Appliance Software | 2025-04-11 | N/A |
| The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php. | ||||
| CVE-2011-0453 | 1 F-secure | 1 Internet Gatekeeper | 2025-04-11 | N/A |
| F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port. | ||||
| CVE-2013-5511 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-11 | N/A |
| The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authentication-certificate option, which allows remote attackers to bypass authentication via a TCP session to an ASDM interface, aka Bug ID CSCuh44815. | ||||
| CVE-2012-1840 | 1 Ajaxplorer | 1 Ajaxplorer | 2025-04-11 | N/A |
| AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash. | ||||
| CVE-2012-1806 | 1 Koyo | 8 H0-ecom, H0-ecom100, H2-ecom and 5 more | 2025-04-11 | N/A |
| The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2012-1256 | 1 Easyvista | 1 Easyvista | 2025-04-11 | N/A |
| The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. | ||||
| CVE-2012-1100 | 1 Redhat | 1 Jboss Operations Network | 2025-04-11 | N/A |
| Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request. | ||||
| CVE-2012-1123 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | N/A |
| The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password. | ||||
| CVE-2010-0447 | 1 Hp | 1 Openview Performance Insight | 2025-04-11 | N/A |
| The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document. | ||||
| CVE-2012-0944 | 2 Canonical, Sebastian Heinlein | 2 Ubuntu Linux, Aptdaemon | 2025-04-11 | N/A |
| Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack. | ||||
| CVE-2014-0737 | 1 Cisco | 1 Unified Ip Phone 7960g | 2025-04-11 | N/A |
| The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795. | ||||
| CVE-2012-0717 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors. | ||||
| CVE-2012-0702 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server Information Services Framework | 2025-04-11 | N/A |
| Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors. | ||||