Export limit exceeded: 11301 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11301 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3430 | 1 Cisco | 1 Video Surveillance Manager | 2025-04-11 | N/A |
| Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288. | ||||
| CVE-2011-0688 | 1 Symantec | 3 Antivirus, Antivirus Central Quarantine Server, System Center | 2025-04-11 | N/A |
| Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-3417 | 1 Cisco | 1 Video Surveillance Operations Manager | 2025-04-11 | N/A |
| The administrative web interface in Cisco Video Surveillance Operations Manager does not properly perform authentication, which allows remote attackers to watch video feeds via a crafted URL, aka Bug ID CSCtg72262. | ||||
| CVE-2011-0527 | 1 Vmware | 1 Tc Server | 2025-04-11 | N/A |
| VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords. | ||||
| CVE-2011-0489 | 1 Objectivity | 1 Objectivity\/db | 2025-04-11 | N/A |
| The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-0091 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | N/A |
| Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability." | ||||
| CVE-2014-0722 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347. | ||||
| CVE-2011-0039 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-11 | N/A |
| The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability." | ||||
| CVE-2013-2993 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | ||||
| CVE-2014-0674 | 1 Cisco | 1 Video Surveillance Operations Manager | 2025-04-11 | N/A |
| Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992. | ||||
| CVE-2013-2954 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2025-04-11 | N/A |
| The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2011-0011 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2025-04-11 | N/A |
| qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions. | ||||
| CVE-2013-2944 | 1 Strongswan | 1 Strongswan | 2025-04-11 | N/A |
| strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature. | ||||
| CVE-2010-4333 | 1 Pangramsoft | 1 Pointter Php Micro-blogging Social Network | 2025-04-11 | N/A |
| Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | ||||
| CVE-2010-4279 | 1 Artica | 1 Pandora Fms | 2025-04-11 | N/A |
| The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter. | ||||
| CVE-2010-4252 | 1 Openssl | 1 Openssl | 2025-04-11 | N/A |
| OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. | ||||
| CVE-2010-4232 | 2 Camtron, Tecvoz | 4 Cmnc-200, Cmnc-200 Firmware, Cmnc-200 and 1 more | 2025-04-11 | N/A |
| The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI. | ||||
| CVE-2013-2820 | 1 Sierrawireless | 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more | 2025-04-11 | N/A |
| The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388. | ||||
| CVE-2010-4211 | 2 Apple, Ebay | 2 Iphone Os, Paypal | 2025-04-11 | N/A |
| The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | ||||
| CVE-2010-3896 | 1 Ibm | 1 Omnifind | 2025-04-11 | N/A |
| The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. | ||||