Total
3419 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-8424 | 1 Arris | 1 Vap2500 Firmware | 2014-11-28 | N/A |
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. | ||||
CVE-2014-2373 | 1 Accuenergy | 2 Acuvim Ii, Axm-net | 2014-11-05 | N/A |
The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL. | ||||
CVE-2013-4594 | 1 Payment For Webform Project | 1 Payment For Webform | 2014-10-31 | N/A |
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment. | ||||
CVE-2014-3402 | 1 Cisco | 1 Intrusion Prevention System | 2014-10-15 | N/A |
The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, which allows remote attackers to cause a denial of service (temporary MainApp hang) via a crafted connection request to the management interface, aka Bug ID CSCuq39550. | ||||
CVE-2014-6632 | 1 Joomla | 1 Joomla\! | 2014-10-09 | N/A |
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. | ||||
CVE-2014-0074 | 1 Apache | 1 Shiro | 2014-10-07 | N/A |
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password. | ||||
CVE-2013-3092 | 1 Belkin | 2 N300, N300 Firmware | 2014-10-01 | N/A |
The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. | ||||
CVE-2014-4325 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2014-08-28 | N/A |
The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image. | ||||
CVE-2014-3895 | 1 Iodata | 12 Ts-ptcam\/poe Camera, Ts-ptcam\/poe Camera Firmware, Ts-ptcam Camera and 9 more | 2014-07-30 | N/A |
The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. | ||||
CVE-2014-4725 | 1 Mailpoet | 1 Mailpoet Newsletters | 2014-07-28 | N/A |
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/. | ||||
CVE-2014-2938 | 1 Hanon | 5 Faceid, Faceid F710 Firmware, Faceid F810 Firmware and 2 more | 2014-07-16 | N/A |
Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands. | ||||
CVE-2014-2955 | 1 Raritan | 2 Dpxr20a-16, Px | 2014-07-15 | N/A |
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | ||||
CVE-2013-6117 | 1 Dahuasecurity | 1 Dvr Firmware | 2014-07-14 | N/A |
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. | ||||
CVE-2014-4168 | 1 Kryo | 1 Iodine | 2014-07-07 | N/A |
(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering. | ||||
CVE-2013-6788 | 1 Bitrix | 2 Bitrix E-store Module, Bitrix Site Manager | 2014-06-26 | N/A |
The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack. | ||||
CVE-2014-2609 | 1 Hp | 1 Executive Scorecard | 2014-06-26 | N/A |
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116. | ||||
CVE-2014-3780 | 1 Citrix | 1 Vdi-in-a-box | 2014-06-24 | N/A |
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. | ||||
CVE-2014-3781 | 1 Dotclear | 1 Dotclear | 2014-06-12 | N/A |
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request. | ||||
CVE-2014-3945 | 1 Typo3 | 1 Typo3 | 2014-06-04 | N/A |
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash. | ||||
CVE-2014-3944 | 1 Typo3 | 1 Typo3 | 2014-06-04 | N/A |
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors. |