Search Results (4519 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-0744 1 Alvaro 1 Alvaros Messenger 2025-04-11 N/A
aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate.
CVE-2010-0756 1 Wikyblog 1 Wikyblog 2025-04-11 N/A
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
CVE-2010-0833 1 Likewise 2 Likewise Cifs, Likewise Open 2025-04-11 N/A
The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.
CVE-2010-0834 2 Dell, Ubuntu 2 Latitude 2110 Netbook, Ubuntu Linux 2025-04-11 N/A
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.
CVE-2010-1454 1 Vmware 1 Tc Server 2025-04-11 N/A
com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.
CVE-2010-1596 1 Sitracker 1 Support Incident Tracker 2025-04-11 N/A
Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
CVE-2010-1613 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.
CVE-2010-2026 1 Cisco 1 Scientific Atlanta Webstar Dpc2100r2 2025-04-11 N/A
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page.
CVE-2010-2668 1 Adaptivedisplays 2 Alpha Ethernet Adapter Ii, Alpha Ethernet Adapter Ii Web Manager 2025-04-11 N/A
Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors.
CVE-2010-2731 1 Microsoft 1 Windows Xp 2025-04-11 N/A
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability."
CVE-2010-3471 1 Ibm 1 Filenet P8 Application Engine 2025-04-11 N/A
Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2010-3685 2 Drupal, Peter Wolanin 2 Drupal, Openid 2025-04-11 N/A
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
CVE-2010-3686 2 Drupal, Peter Wolanin 2 Drupal, Openid 2025-04-11 N/A
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
CVE-2010-4252 1 Openssl 1 Openssl 2025-04-11 N/A
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
CVE-2010-4279 1 Artica 1 Pandora Fms 2025-04-11 N/A
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.
CVE-2010-4332 1 Pangramsoft 1 Pointter Php Content Management System 2025-04-11 N/A
Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
CVE-2010-4333 1 Pangramsoft 1 Pointter Php Micro-blogging Social Network 2025-04-11 N/A
Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
CVE-2010-4481 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2010-4488 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2011-0527 1 Vmware 1 Tc Server 2025-04-11 N/A
VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords.