Search Results (4518 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5353 1 Eduserv 1 Openathens Service Provider 2025-04-11 N/A
Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."
CVE-2012-5858 1 Samsung 1 Kies Air 2025-04-11 N/A
Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address.
CVE-2012-5886 2 Apache, Redhat 8 Tomcat, Enterprise Linux, Jboss Data Grid and 5 more 2025-04-11 N/A
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
CVE-2012-5930 1 Microfocus 1 Privileged User Manager 2025-04-11 N/A
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.
CVE-2012-5940 1 Ibm 1 Netezza 2025-04-11 N/A
The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process.
CVE-2012-5952 1 Ibm 1 Websphere Message Broker 2025-04-11 N/A
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors.
CVE-2012-5975 2 Linux, Ssh 2 Linux Kernel, Tectia Server 2025-04-11 N/A
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
CVE-2012-6066 1 Freesshd 1 Freesshd 2025-04-11 N/A
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
CVE-2012-6067 1 Freeftpd 1 Freeftpd 2025-04-11 N/A
freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
CVE-2013-0209 1 Sixapart 1 Movable Type 2025-04-11 N/A
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
CVE-2013-0239 2 Apache, Redhat 4 Cxf, Fuse Esb Enterprise, Jboss Enterprise Application Platform and 1 more 2025-04-11 N/A
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
CVE-2013-0258 2 Drupal, Google Authenticator Login Project 2 Drupal, Ga Login 2025-04-11 N/A
The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username.
CVE-2013-0282 2 Openstack, Redhat 2 Keystone, Openstack 2025-04-11 N/A
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.
CVE-2013-0314 1 Redhat 1 Jboss Enterprise Portal Platform 2025-04-11 N/A
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets.
CVE-2013-0985 1 Apple 1 Mac Os X 2025-04-11 N/A
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.
CVE-2013-1080 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
CVE-2013-1865 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Folsom, Openstack 2025-04-11 N/A
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
CVE-2013-3268 1 Novell 1 Imanager 2025-04-11 N/A
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors.
CVE-2013-3417 1 Cisco 1 Video Surveillance Operations Manager 2025-04-11 N/A
The administrative web interface in Cisco Video Surveillance Operations Manager does not properly perform authentication, which allows remote attackers to watch video feeds via a crafted URL, aka Bug ID CSCtg72262.
CVE-2013-3430 1 Cisco 1 Video Surveillance Manager 2025-04-11 N/A
Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288.