Total
3419 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-1364 | 1 Zabbix | 1 Zabbix | 2013-12-16 | N/A |
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. | ||||
CVE-2013-1080 | 1 Novell | 1 Zenworks Configuration Management | 2013-12-13 | N/A |
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. | ||||
CVE-2013-6012 | 1 Juniper | 1 Junos | 2013-11-03 | N/A |
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. | ||||
CVE-2013-2102 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2013-10-30 | N/A |
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service. | ||||
CVE-2011-1411 | 1 Shibboleth | 2 Opensaml, Shibboleth-identity-provider | 2013-10-11 | N/A |
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | ||||
CVE-2013-4783 | 1 Dell | 1 Idrac6 Bmc | 2013-09-27 | N/A |
The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet." | ||||
CVE-2013-4874 | 1 Verizon | 1 Wireless Network Extender | 2013-08-22 | N/A |
The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. | ||||
CVE-2013-4875 | 1 Verizon | 1 Wireless Network Extender | 2013-08-22 | N/A |
The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt. | ||||
CVE-2013-4877 | 1 Verizon | 1 Wireless Network Extender | 2013-08-22 | N/A |
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. | ||||
CVE-2012-4614 | 1 Emc | 1 It Operations Intelligence | 2013-08-17 | N/A |
The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session. | ||||
CVE-2012-2983 | 1 Gentoo | 1 Webmin | 2013-05-30 | N/A |
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. | ||||
CVE-2013-0314 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2013-04-15 | N/A |
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets. | ||||
CVE-2012-2281 | 1 Rsa | 2 Access Manager Agent, Access Manager Server | 2013-03-22 | N/A |
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors. | ||||
CVE-2012-4021 | 1 Mosp | 1 Kintai Kanri | 2013-03-02 | N/A |
MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors. | ||||
CVE-2012-3002 | 2 Foscam, Wansview | 2 H.264 Hi3510\/11\/12 Ip Camera, H.264 Hi3510\/11\/12 Ip Camera | 2013-03-02 | N/A |
The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL. | ||||
CVE-2012-4613 | 1 Emc | 1 Rsa Data Protection Manager Appliance | 2013-02-26 | N/A |
EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack. | ||||
CVE-2012-4418 | 1 Apache | 1 Axis2 | 2013-01-30 | N/A |
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | ||||
CVE-2011-5053 | 1 Wi-fi | 1 Wifi Protected Setup Protocol | 2013-01-15 | N/A |
The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages. | ||||
CVE-2012-1799 | 1 Siemens | 4 Scalance S602, Scalance S612, Scalance S613 and 1 more | 2012-12-06 | N/A |
The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. | ||||
CVE-2012-0333 | 1 Cisco | 2 Small Business Ip Phone, Small Business Ip Phone Firmware | 2012-10-30 | N/A |
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. |