Export limit exceeded: 11471 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4294 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0744 | 1 Alvaro | 1 Alvaros Messenger | 2025-04-11 | N/A |
| aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate. | ||||
| CVE-2012-4078 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | N/A |
| The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656. | ||||
| CVE-2013-0209 | 1 Sixapart | 1 Movable Type | 2025-04-11 | N/A |
| lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code. | ||||
| CVE-2013-0239 | 2 Apache, Redhat | 4 Cxf, Fuse Esb Enterprise, Jboss Enterprise Application Platform and 1 more | 2025-04-11 | N/A |
| Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element. | ||||
| CVE-2013-0258 | 2 Drupal, Google Authenticator Login Project | 2 Drupal, Ga Login | 2025-04-11 | N/A |
| The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username. | ||||
| CVE-2013-0282 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-11 | N/A |
| OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. | ||||
| CVE-2013-0314 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2025-04-11 | N/A |
| The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets. | ||||
| CVE-2013-0759 | 5 Canonical, Mozilla, Opensuse and 2 more | 16 Ubuntu Linux, Firefox, Seamonkey and 13 more | 2025-04-11 | N/A |
| Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. | ||||
| CVE-2013-0910 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in. | ||||
| CVE-2013-0935 | 1 Emc | 1 Smarts Network Configuration Manager | 2025-04-11 | N/A |
| EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2013-0937 | 1 Emc | 4 Documentum Records Manager, Documentum Taskspace, Documentum Wdk and 1 more | 2025-04-11 | N/A |
| Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2013-0985 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. | ||||
| CVE-2009-5083 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2025-04-11 | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attackers to bypass authentication via unspecified vectors. | ||||
| CVE-2013-1337 | 1 Microsoft | 1 .net Framework | 2025-04-11 | N/A |
| Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability." | ||||
| CVE-2012-4066 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-11 | N/A |
| The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots. | ||||
| CVE-2012-4021 | 1 Mosp | 1 Kintai Kanri | 2025-04-11 | N/A |
| MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors. | ||||
| CVE-2013-1364 | 1 Zabbix | 1 Zabbix | 2025-04-11 | N/A |
| The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. | ||||
| CVE-2012-3885 | 1 Airdroid | 1 Airdroid | 2025-04-11 | N/A |
| The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2013-1405 | 1 Vmware | 6 Esx, Esxi, Vcenter Server and 3 more | 2025-04-11 | N/A |
| VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| CVE-2013-1443 | 1 Djangoproject | 1 Django | 2025-04-11 | N/A |
| The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed. | ||||