CWE:
 

Topic
Date
Author
Med.
Samsung Smart TV Wi-Fi Direction Improper Authentication
27.04.2017
Neseso Research Team
Med.
Aruba Networks AOS 6.3.1.19 Improper Authentication
08.11.2016
Klaus Tichman
High
DOKEOS ce30 Authentication Bypass
19.02.2016
High-Tech Bridge Secur...
Low
Pentaho 5.2.x BA Suite / PDI Information Disclosure
20.09.2015
Gregory DRAPERI
High
SAP HANA IU5 SDK Authentication Bypass
30.07.2014
Onapsis
High
Dahua DVR Authentication Bypass
19.07.2014
Zhejiang
High
ASUS RT Router Anonymous FTP Access
14.02.2014
Kyle Lovett
High
Router D-Link DIR-100 Multiple Vulnerabilities
04.02.2014
Felix Richter
High
Nisuta NS-WIR150NE, NS-WIR300N Authentication Bypass
11.01.2014
ampliasecurity
Med.
Burden 1.8 Privilege Escalation
09.01.2014
High-Tech Bridge Secur...
High
Vivotek IP Cameras RTSP Authentication Bypass
06.11.2013
CORE
High
Radio Thermostat Of America Inc Lack Of Authentication
02.08.2013
Daniel Crowley
High
D-Link IP Cameras Injection & Bypass
30.04.2013
CORE
Med.
Cisco Firewall Services Module Software Multiple Vulnerabilities
10.04.2013
Cisco
Med.
EMC Smarts Network Configuration Manager Improper Authentication Vulnerability
27.03.2013
EMC
Med.
Backupbuddy 2.2.4 Sensitive Data Exposure
25.03.2013
robarmstrong.te71
High
PBBoard 2.1.4 SQL Injection and Improper Authentication
09.08.2012
High-Tech Bridge Secur...
Med.
LifeSize Room Vulnerabilities
05.09.2011
securestate net
High
RealVNC Authentication Bypass
31.08.2011
Juha-Matti
High
RSA Adaptive Authentication (On-Premise) Security Issue
24.08.2011
EMC
Med.
FreeRADIUS 2.1.11 Multiple Vulns
06.08.2011
DCERT
High
IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability
30.03.2011
ZDI
Med.
Arthur de Jong \'nss-pam-ldapd\' Authentication Bypass Vulnerability
17.03.2011
Russell Sim
High
Pointter PHP Content Management System 1.0 Privilege Escalation
16.12.2010
Mark Stanislav
High
Pointter PHP Micro-Blogging Social Network 1.0 Privilege Escalation
16.12.2010
Mark Stanislav
High
OpenSSL J-PAKE Validation Error Lets Remote Users Validate Without Shared Secret Key
08.12.2010
Sebastian Martini
High
Pandora FMS <= 3.1 Authentication Bypass
05.12.2010
Juan Galiana Lara
High
Cisco Unified Videoconferencing multiple vulnerabilities
24.11.2010
Florent Daigniere
High
Camtron CMNC-200 IP Camera Authentication Bypass
18.11.2010
Trustwave's SpiderLabs
High
IBM OmniFind - several vulnerabilities
15.11.2010
Fatih Kilic
High
Likewise Open 5.4 & 6.0 Multiple Vulns
29.07.2010
Gerald Carter
Low
dootzky oblog Persistant XSS, CSRF, Admin Bruteforce
29.06.2010
null
Med.
SpringSource tc Server unauthenticated remote access to JMX interface
25.05.2010
s2-security
High
ToutVirtual VirtualIQ Multiple Vulnerabilities
21.05.2010
Claudio Criscione
High
CA XOsoft Multiple Vulns.
10.04.2010
Andrea Micalizzi aka r...
High
Varnish reverse proxy 2.0.6 Medium security hole
07.04.2010
Tim Brown
Med.
Sahana 0.6.2.2 authentication bypass
19.03.2010
nill
High
HP openview Performance Insight 5.4 Remote Execution of ArbitraryCommands
15.03.2010
HP
Med.
Geo++(R) GNCASTER: Faulty implementation of HTTPDigest Authentication
07.02.2010
RedTeam
High
dB Masters Multimedia Insecure Cookie Handling Vulnerability
07.01.2010
indoushka
Med.
Sitecore Staging 5.4.0 Module Authentication bypass and file manipulation
24.12.2009
Lukas Weichselbaum
High
Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability
15.12.2009
ZDI Disclosures
High
linux kernel 2.6.25.15 nfsd4: fix null dereference creating nfsv4 callback
05.11.2009
Eugene Teoeugeneteo
High
Everfocus EDR1600 remote authentication bypass
04.11.2009
Andrea Fabrizi
Med.
PaoLiber 1.1 (login_ok) Authentication Bypass Vulnerability
28.09.2009
SirGod
Med.
OSSIM version 2.1 remote SQL injection and cross site scripting
25.09.2009
DSecRG
Med.
LiveStreet Xss Vulnerable Exploit
22.09.2009
Inj3ct0r
Med.
Basic PHP Events Lister 2 Reset Admin Pass/Add Admin Vulns
16.09.2009
Mr.SeCreT
High
simplePHPWeb 0.2 (files.php) Authentication Bypass Vulnerability
15.09.2009
SirGod
Med.
EkinBoard <= 1.1.0 Remote File Upload / Auth Bypass Vulnerabilities
03.09.2009
underwater
High
zKup CMS 2.0 <= 2.3 Remote Add Admin Exploit
31.08.2009
real
High
AJ ARTICLE Remote Authentication Bypass Vulnerability
27.08.2009
G4N0K
High
Maian Greetings 2.1 Insecure Cookie Handling Vulnerability
27.08.2009
Saime
High
Aj Classifieds Authentication Bypass Vulnerability
26.08.2009
G4N0K
High
NatterChat 1.1 Remote Admin Bypass Vulnerability
26.08.2009
Mountassif Moad
High
AJSquare Free Polling Script (DB) Multiple Vulnerabilities
26.08.2009
G4N0K
Med.
HyperStop WebHost Directory Arbitrary Backup Database
24.08.2009
r45c4l
High
Free PHP VX Guestbook 1.06 Insecure Cookie Handling Vulnerability
24.08.2009
Stack
Med.
Free PHP VX Guestbook 1.06 Arbitrary Database Backup Vulnerability
23.08.2009
SirGod
High
Libra PHP File Manager <= 1.18 Insecure Cookie Handling Vulnerability
23.08.2009
Stack
Med.
Plesk 8.6.0 authentication flaw allows to gain virtual user priviledges
21.08.2009
Felix Buenemann
High
Snom VoIP/SIP Phones Authentication Bypass
18.08.2009
null
High
AJ Auction Authentication Bypass Vulnerability
15.08.2009
G4N0K
High
turnkeyforms Text Link Sales Auth Bypass Vulnerability
15.08.2009
G4N0K
High
MauryCMS <= 0.53.2 (fckeditor) Remote Arbitrary File Upload Vulnerability
14.08.2009
RoMaNcYxHaCkEr
High
turnkeyforms Web Hosting Directory Multiple Vulnerabilities
13.08.2009
G4N0K
High
TaskDriver <= 1.3 Remote Change Admin Password Exploit
10.08.2009
cOndemned
High
SpeedStream 5200 Authentication Bypass Config Download Vulnerability
08.08.2009
hkm
High
ZEEJOBSITE 2.0 Remote File Upload Vulnerability
08.08.2009
ZoRLu
High
BrewBlogger 2.1.0.1 Arbitrary Add Admin Exploit
07.08.2009
CWH Team
Med.
PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability
29.07.2009
SirGod
High
Desi Short URL Insecure Cookie Handling Vulnerability
29.07.2009
N@bilX
High
DD-WRT (httpd service) Remote Command Execution Vulnerability
21.07.2009
gat3way
High
Absolute Form Processor 4.0 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Live Support 5.1 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Newsletter 6.1 Insecure Cookie Handling Vulnerability
15.07.2009
x0r
High
Absolute Content Rotator 6.0 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Poll Manager XE 4.1 Cookie Handling Vulnerability
15.07.2009
Hakxer
Med.
Absolute Control Panel XE 1.5 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Banner Manager Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Podcast 1.0 Remote Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute News Manager 5.1 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute News Feed 1.0 Remote Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute FAQ Manager 6.0 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures
14.07.2009
Core
High
phpMyBlockchecker 1.0.0055 Insecure Cookie Handling Vulnerability
11.07.2009
SirGod
Med.
Tutorial Share <= 3.5.0 Insecure Cookie Handling Vulnerability
03.07.2009
Evil-Cod3r
Med.
MIDAS 1.43 (Auth Bypass) Insecure Cookie Handling Vulnerability
01.07.2009
HxH
Med.
phportal 1.0 Insecure Cookie Handling Vulnerability
23.06.2009
xhaxkerx
High
Grestul 1.2 Remote Add Administrator Account Exploit
15.06.2009
ThE g0bL!N
High
Password Protector SD 1.3.1 Insecure Cookie Handling Vulnerability
10.06.2009
Mr.tro0oqy
High
Million Dollar Text Links 1.x Insecure Cookie Handling Vulnerability
02.06.2009
HxH
Med.
MyKtools 2.4 Arbitrary Database Backup Vulnerability
29.05.2009
Mountassif Moad
High
Eaton MGE OPS Network Shutdown Module - authentication bypass & remote code execution
29.05.2009
nruns
High
TCPDB 3.8 Arbitrary Add Admin Account Vulnerability
20.05.2009
Mr.tro0oqy
High
T-Dreams Job Career Package 3.0 Insecure Cookie Handling Vulnerability
17.05.2009
TiGeR-Dz
Med.
Simple Customer 1.3 Arbitrary Change Admin Password Exploit
17.05.2009
ahmadbady
Med.
AjaxTerm session id collision
15.05.2009
Andrea Barisani
Med.
Teraway LinkTracker 1.0 Insecure Cookie Handling Vulnerability
15.05.2009
ThE g0bL!N
Med.
Teraway LiveHelp 2.0 Insecure Cookie Handling Vulnerability
14.05.2009
h4ckf0ru


CVEMAP Search Results

CVE
Details
Description
2015-02-04
Medium
CVE-2014-9043

Vendor: Owncloud
Software: Owncloud
 

 
The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.

 
Medium
CVE-2014-9045

Vendor: Owncloud
Software: Owncloud
 

 
The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.

 
2014-12-27
Medium
CVE-2013-4793

Vendor: Umbraco
Software: Umbraco cms
 

 
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.

 
2014-12-22
Low
CVE-2014-8896

Vendor: IBM
Software: Infosphere m...
 

 
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors.

 
2014-12-16
Low
CVE-2014-8006

Vendor: Cisco
Software: Isb8320-e hi...
 

 
The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422.

 
2014-12-10
High
CVE-2014-7879

Vendor: HP
Software: Hp-ux
 

 
HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.

 
2014-12-08
Medium
CVE-2014-4631

Vendor: EMC
Software: Rsa adaptive...
 

 
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.

 
2014-12-02
Medium
CVE-2014-9184

Vendor: ZTE
Software: Zxdsl
 

 
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.

 
2014-11-28
High
CVE-2014-8424

Vendor: Arris
Software: Vap2500 firmware
 

 
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.

 
2014-11-27
Medium
CVE-2014-4831

Vendor: IBM
Software: Qradar risk ...
 

 
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

 

 


Copyright 2017, cxsecurity.com