Export limit exceeded: 341624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4228 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3471 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | N/A |
| Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2010-3685 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2025-04-11 | N/A |
| The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | ||||
| CVE-2010-3686 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2025-04-11 | N/A |
| The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | ||||
| CVE-2010-3739 | 1 Ibm | 1 Db2 Universal Database | 2025-04-11 | N/A |
| The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. | ||||
| CVE-2010-3852 | 1 Redhat | 2 Conga, Luci | 2025-04-11 | N/A |
| The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. | ||||
| CVE-2010-3868 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2025-04-11 | N/A |
| Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component. | ||||
| CVE-2010-3896 | 1 Ibm | 1 Omnifind | 2025-04-11 | N/A |
| The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. | ||||
| CVE-2010-3905 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-11 | N/A |
| The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users. | ||||
| CVE-2010-4121 | 1 Ibm | 1 Tivoli Provisioning Manager Os Deployment | 2025-04-11 | N/A |
| The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only. | ||||
| CVE-2010-4211 | 2 Apple, Ebay | 2 Iphone Os, Paypal | 2025-04-11 | N/A |
| The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | ||||
| CVE-2010-4232 | 2 Camtron, Tecvoz | 4 Cmnc-200, Cmnc-200 Firmware, Cmnc-200 and 1 more | 2025-04-11 | N/A |
| The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI. | ||||
| CVE-2010-4252 | 1 Openssl | 1 Openssl | 2025-04-11 | N/A |
| OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. | ||||
| CVE-2010-4279 | 1 Artica | 1 Pandora Fms | 2025-04-11 | N/A |
| The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter. | ||||
| CVE-2010-4332 | 1 Pangramsoft | 1 Pointter Php Content Management System | 2025-04-11 | N/A |
| Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | ||||
| CVE-2010-4333 | 1 Pangramsoft | 1 Pointter Php Micro-blogging Social Network | 2025-04-11 | N/A |
| Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | ||||
| CVE-2010-4478 | 1 Openbsd | 1 Openssh | 2025-04-11 | N/A |
| OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. | ||||
| CVE-2010-4481 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2010-4488 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | ||||
| CVE-2011-2956 | 1 Azeotech | 1 Daqfactory | 2025-04-11 | N/A |
| AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal. | ||||
| CVE-2011-2963 | 1 Progea | 1 Movicon | 2025-04-11 | N/A |
| TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651. | ||||