Total
3702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5351 | 1 Apache | 1 Axis2 | 2025-04-11 | 6.4 MEDIUM | N/A |
| Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418. | |||||
| CVE-2011-4590 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server. | |||||
| CVE-2010-3686 | 2 Drupal, Peter Wolanin | 2 Drupal, Openid | 2025-04-11 | 5.0 MEDIUM | N/A |
| The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | |||||
| CVE-2010-3896 | 1 Ibm | 1 Omnifind | 2025-04-11 | 7.5 HIGH | N/A |
| The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. | |||||
| CVE-2012-2122 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2025-04-11 | 5.1 MEDIUM | N/A |
| sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. | |||||
| CVE-2012-4614 | 1 Emc | 1 It Operations Intelligence | 2025-04-11 | 9.3 HIGH | N/A |
| The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session. | |||||
| CVE-2013-7093 | 1 Sap | 1 Network Interface Router | 2025-04-11 | 5.0 MEDIUM | N/A |
| SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | |||||
| CVE-2012-3492 | 1 Condor Project | 1 Condor | 2025-04-11 | 6.4 MEDIUM | N/A |
| The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory. | |||||
| CVE-2012-1799 | 1 Siemens | 4 Scalance S602, Scalance S612, Scalance S613 and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
| The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. | |||||
| CVE-2012-5353 | 1 Eduserv | 1 Openathens Service Provider | 2025-04-11 | 5.8 MEDIUM | N/A |
| Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack." | |||||
| CVE-2012-1145 | 1 Redhat | 2 Enterprise Linux, Satellite | 2025-04-11 | 5.0 MEDIUM | N/A |
| spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads. | |||||
| CVE-2010-1596 | 1 Sitracker | 1 Support Incident Tracker | 2025-04-11 | 6.8 MEDIUM | N/A |
| Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. | |||||
| CVE-2012-4457 | 1 Openstack | 1 Keystone | 2025-04-11 | 4.0 MEDIUM | N/A |
| OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant. | |||||
| CVE-2012-6603 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 10.0 HIGH | N/A |
| The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034. | |||||
| CVE-2012-4418 | 1 Apache | 1 Axis2 | 2025-04-11 | 5.8 MEDIUM | N/A |
| Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | |||||
| CVE-2011-1901 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2025-04-11 | 7.5 HIGH | N/A |
| The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2012-5633 | 1 Apache | 1 Cxf | 2025-04-11 | 5.8 MEDIUM | N/A |
| The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. | |||||
| CVE-2013-3430 | 1 Cisco | 1 Video Surveillance Manager | 2025-04-11 | 9.0 HIGH | N/A |
| Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288. | |||||
| CVE-2013-4001 | 1 Ibm | 1 Cognos Command Center | 2025-04-11 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. | |||||
| CVE-2013-3659 | 1 Nttdocomo | 1 Overseas Usage | 2025-04-11 | 3.3 LOW | N/A |
| The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area. | |||||