Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4861 | 1 Jasio.net | 1 Ragnarok Online Control Panel | 2024-02-04 | 7.5 HIGH | N/A |
| functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function. | |||||
| CVE-2006-3583 | 1 Jetbox | 1 Jetbox Cms | 2024-02-04 | 7.5 HIGH | N/A |
| Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section. | |||||
| CVE-2006-2113 | 2 Dell, Fuji Xerox | 19 3000cn, 3010cn, 3100cn and 16 more | 2024-02-04 | 6.4 MEDIUM | N/A |
| The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. | |||||
| CVE-2002-2417 | 1 Acftp | 1 Acftp | 2024-02-04 | 10.0 HIGH | N/A |
| acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges. | |||||
| CVE-2003-1434 | 1 Pete Werner | 1 Login Ldap | 2024-02-04 | 6.8 MEDIUM | N/A |
| login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password. | |||||
| CVE-2004-2182 | 1 Macromedia | 1 Jrun | 2024-02-04 | 7.5 HIGH | N/A |
| Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | |||||
| CVE-1999-0987 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 10.0 HIGH | N/A |
| Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. | |||||
| CVE-2003-1475 | 1 Netbus | 1 Netbus | 2024-02-04 | 6.8 MEDIUM | N/A |
| Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access. | |||||
| CVE-2004-1760 | 2 Cisco, Ibm | 17 Call Manager, Conference Connection, Emergency Responder and 14 more | 2024-02-04 | 10.0 HIGH | N/A |
| The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. | |||||
| CVE-2003-1489 | 1 Truegalerie | 1 Truegalerie | 2024-02-04 | 5.0 MEDIUM | N/A |
| upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery. | |||||
| CVE-2003-1343 | 1 Trend Micro | 1 Scanmail | 2024-02-04 | 7.5 HIGH | N/A |
| Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". | |||||
| CVE-2002-2279 | 1 Aldap | 1 Aldap | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions. | |||||
| CVE-2002-2397 | 1 Symantec | 1 Sygate Personal Firewall | 2024-02-04 | 10.0 HIGH | N/A |
| Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | |||||
| CVE-2002-0563 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes. | |||||
| CVE-1999-0680 | 1 Microsoft | 1 Terminal Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. | |||||
| CVE-2003-0216 | 1 Cisco | 1 Catos | 2024-02-04 | 9.3 HIGH | N/A |
| Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | |||||
| CVE-2001-1585 | 1 Openbsd | 1 Openssh | 2024-02-04 | 6.8 MEDIUM | N/A |
| SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. | |||||
| CVE-1999-0366 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 7.5 HIGH | N/A |
| In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. | |||||
| CVE-2002-0507 | 2 Microsoft, Rsa | 2 Exchange Server, Securid | 2024-02-04 | 2.1 LOW | N/A |
| An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. | |||||
| CVE-2001-0537 | 1 Cisco | 1 Ios | 2024-02-04 | 9.3 HIGH | N/A |
| HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. | |||||