Total
3419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2047 | 1 Owncloud | 1 Owncloud | 2014-03-25 | N/A |
| Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2013-6031 | 1 Huawei | 2 E355, E355 Firmware | 2014-03-11 | N/A |
| The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings. | ||||
| CVE-2014-1911 | 1 Foscam | 2 Fi8919w, Fi8919w Firmware | 2014-03-07 | N/A |
| The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password. | ||||
| CVE-2014-0737 | 1 Cisco | 1 Unified Ip Phone 7960g | 2014-03-06 | N/A |
| The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795. | ||||
| CVE-2013-6634 | 1 Google | 1 Chrome | 2014-03-06 | N/A |
| The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. | ||||
| CVE-2014-2075 | 1 Tibco | 2 Enterprise Administrator, Enterprise Administrator Sdk | 2014-02-27 | N/A |
| TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2012-2122 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2014-02-21 | N/A |
| sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. | ||||
| CVE-2014-0732 | 1 Cisco | 1 Unified Communications Manager | 2014-02-21 | N/A |
| The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495. | ||||
| CVE-2014-0733 | 1 Cisco | 1 Unified Communications Manager | 2014-02-20 | N/A |
| The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494. | ||||
| CVE-2012-1100 | 1 Redhat | 1 Jboss Operations Network | 2014-02-14 | N/A |
| Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request. | ||||
| CVE-2012-0062 | 1 Redhat | 1 Jboss Operations Network | 2014-02-14 | N/A |
| Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. | ||||
| CVE-2014-0725 | 1 Cisco | 1 Unified Communications Manager | 2014-02-13 | N/A |
| Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. | ||||
| CVE-2014-0722 | 1 Cisco | 1 Unified Communications Manager | 2014-02-13 | N/A |
| The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347. | ||||
| CVE-2013-6035 | 6 Gatehouse, Harris, Hughes Network Systems and 3 more | 9 Gatehouse, Bgan, 9201 and 6 more | 2014-02-04 | N/A |
| The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations. | ||||
| CVE-2013-1443 | 1 Djangoproject | 1 Django | 2014-01-28 | N/A |
| The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed. | ||||
| CVE-2013-2820 | 1 Sierrawireless | 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more | 2014-01-16 | N/A |
| The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388. | ||||
| CVE-2013-7282 | 1 Nisuta | 4 Ns-wir150ne, Ns-wir150ne Firmware, Ns-wir300n and 1 more | 2014-01-10 | N/A |
| The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header. | ||||
| CVE-2013-5038 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2013-12-30 | N/A |
| The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. | ||||
| CVE-2013-6006 | 1 Cybozu | 1 Garoon | 2013-12-30 | N/A |
| Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | ||||
| CVE-2013-6890 | 3 Debian, Fedoraproject, Phil Schwartz | 3 Debian Linux, Fedora, Denyhosts | 2013-12-24 | N/A |
| denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. | ||||