Filtered by CWE-287
Filtered by vendor Subscriptions
Total 3784 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-3053 1 Ibm 5 Security Access Manager For Mobile Appliance, Security Access Manager For Mobile Software, Security Access Manager For Web 8.0 Firmware and 2 more 2024-11-21 N/A
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.
CVE-2014-2955 1 Raritan 2 Dpxr20a-16, Px 2024-11-21 N/A
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
CVE-2014-2938 1 Hanon 5 Faceid, Faceid F710 Firmware, Faceid F810 Firmware and 2 more 2024-11-21 N/A
Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.
CVE-2014-2927 1 F5 19 Arx, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 16 more 2024-11-21 N/A
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.
CVE-2014-2904 1 Wolfssl 1 Wolfssl 2024-11-21 7.5 High
wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.
CVE-2014-2828 2 Openstack, Redhat 2 Keystone, Openstack 2024-11-21 N/A
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
CVE-2014-2685 1 Zend 2 Zend Framework, Zendopenid 2024-11-21 N/A
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
CVE-2014-2665 1 Mediawiki 1 Mediawiki 2024-11-21 N/A
includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to log in to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.
CVE-2014-2653 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
CVE-2014-2651 1 Atos 28 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 25 more 2024-11-21 9.8 Critical
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface.
CVE-2014-2614 1 Hp 1 Sitescope 2024-11-21 N/A
Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140.
CVE-2014-2609 1 Hp 1 Executive Scorecard 2024-11-21 N/A
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.
CVE-2014-2373 1 Accuenergy 2 Acuvim Ii, Axm-net 2024-11-21 N/A
The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL.
CVE-2014-2341 1 Cubecart 1 Cubecart 2024-11-21 N/A
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
CVE-2014-2338 1 Strongswan 1 Strongswan 2024-11-21 N/A
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.
CVE-2014-2181 1 Cisco 1 Adaptive Security Appliance Software 2024-11-21 N/A
Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551.
CVE-2014-2128 1 Cisco 1 Adaptive Security Appliance Software 2024-11-21 N/A
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555.
CVE-2014-2075 1 Tibco 2 Enterprise Administrator, Enterprise Administrator Sdk 2024-11-21 N/A
TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2014-2066 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
CVE-2014-2062 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.