ReportizFlow
Filtered by vendor
Subscriptions
Total
4333 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3667 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message. | ||||
| CVE-2013-0935 | 1 Emc | 1 Smarts Network Configuration Manager | 2025-04-11 | N/A |
| EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2013-0759 | 5 Canonical, Mozilla, Opensuse and 2 more | 16 Ubuntu Linux, Firefox, Seamonkey and 13 more | 2025-04-11 | N/A |
| Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. | ||||
| CVE-2011-3577 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors. | ||||
| CVE-2012-3137 | 1 Oracle | 2 Database Server, Primavera P6 Enterprise Project Portfolio Management | 2025-04-11 | N/A |
| The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability." | ||||
| CVE-2013-0578 | 1 Ibm | 2 Sterling Multi-channel Fulfillment Solution, Sterling Selling And Fulfillment Foundation | 2025-04-11 | N/A |
| The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI. | ||||
| CVE-2011-3297 | 1 Cisco | 3 Catalyst 6500, Catalyst 7600, Firewall Services Module Software | 2025-04-11 | N/A |
| Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697. | ||||
| CVE-2012-4741 | 1 Packetfence | 1 Packetfence | 2025-04-11 | N/A |
| The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute. | ||||
| CVE-2012-4659 | 1 Cisco | 11 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Catalyst 6500 and 8 more | 2025-04-11 | N/A |
| The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before 8.3(2.34) allows remote attackers to cause a denial of service (device reload) via a crafted authentication response, aka Bug ID CSCtz04566. | ||||
| CVE-2012-4613 | 1 Emc | 1 Rsa Data Protection Manager Appliance | 2025-04-11 | N/A |
| EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack. | ||||
| CVE-2012-4595 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2025-04-11 | N/A |
| McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. | ||||
| CVE-2012-4604 | 1 Websense | 1 Websense Web Security | 2025-04-11 | N/A |
| The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe. | ||||
| CVE-2012-4545 | 2 Elinks, Redhat | 2 Elinks, Enterprise Linux | 2025-04-11 | N/A |
| The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials. | ||||
| CVE-2012-4457 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-11 | N/A |
| OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant. | ||||
| CVE-2012-4418 | 1 Apache | 1 Axis2 | 2025-04-11 | N/A |
| Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | ||||
| CVE-2012-4392 | 1 Owncloud | 1 Owncloud Server | 2025-04-11 | N/A |
| index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. | ||||
| CVE-2012-4066 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-11 | N/A |
| The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots. | ||||
| CVE-2012-4021 | 1 Mosp | 1 Kintai Kanri | 2025-04-11 | N/A |
| MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors. | ||||
| CVE-2012-2122 | 3 Mariadb, Oracle, Redhat | 3 Mariadb, Mysql, Enterprise Linux | 2025-04-11 | N/A |
| sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. | ||||
| CVE-2012-3884 | 1 Airdroid | 1 Airdroid | 2025-04-11 | N/A |
| AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless network and then replaying the authentication data. | ||||