Search Results (4510 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3002 2 Foscam, Wansview 2 H.264 Hi3510\/11\/12 Ip Camera, H.264 Hi3510\/11\/12 Ip Camera 2025-04-11 N/A
The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL.
CVE-2014-0674 1 Cisco 1 Video Surveillance Operations Manager 2025-04-11 N/A
Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992.
CVE-2014-0722 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.
CVE-2012-3024 1 Tridium 1 Niagara Ax 2025-04-11 N/A
Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack.
CVE-2014-0737 1 Cisco 1 Unified Ip Phone 7960g 2025-04-11 N/A
The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795.
CVE-2014-0738 1 Cisco 1 Adaptive Security Appliance Software 2025-04-11 N/A
The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770.
CVE-2011-2956 1 Azeotech 1 Daqfactory 2025-04-11 N/A
AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal.
CVE-2012-4066 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots.
CVE-2012-4926 1 Imgpals 1 Img Pals Photo Host 2025-04-11 N/A
approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1 (enable) action.
CVE-2011-0489 1 Objectivity 1 Objectivity\/db 2025-04-11 N/A
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information.
CVE-2012-4021 1 Mosp 1 Kintai Kanri 2025-04-11 N/A
MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors.
CVE-2010-3685 2 Drupal, Peter Wolanin 2 Drupal, Openid 2025-04-11 N/A
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
CVE-2010-3686 2 Drupal, Peter Wolanin 2 Drupal, Openid 2025-04-11 N/A
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
CVE-2012-3356 1 Viewvc 1 Viewvc 2025-04-11 N/A
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-5009 1 Symantec 1 Endpoint Protection 2025-04-11 N/A
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.
CVE-2011-0718 1 Redhat 2 Network Satellite, Network Satellite Server 2025-04-11 N/A
Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks.
CVE-2012-3492 2 Condor Project, Redhat 2 Condor, Enterprise Mrg 2025-04-11 N/A
The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory.
CVE-2012-2414 1 Asterisk 1 Open Source 2025-04-11 N/A
main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
CVE-2011-1025 2 Openldap, Redhat 2 Openldap, Enterprise Linux 2025-04-11 N/A
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
CVE-2011-1674 1 Netgear 2 Prosafe Wnap210, Prosafe Wnap210 Firmware 2025-04-11 N/A
The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php.