Total
3617 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4244 | 1 Sql-ledger | 1 Sql-ledger | 2025-04-03 | 7.5 HIGH | N/A |
| SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value. | |||||
| CVE-2003-1343 | 1 Trend Micro | 1 Scanmail | 2025-04-03 | 7.5 HIGH | N/A |
| Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". | |||||
| CVE-2003-1434 | 1 Pete Werner | 1 Login Ldap | 2025-04-03 | 6.8 MEDIUM | N/A |
| login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password. | |||||
| CVE-2005-1957 | 1 Adam Mmedici | 1 File Upload Manager | 2025-04-03 | 7.5 HIGH | N/A |
| mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action. | |||||
| CVE-2003-0216 | 1 Cisco | 1 Catos | 2025-04-03 | 9.3 HIGH | N/A |
| Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | |||||
| CVE-2003-1442 | 1 Ericsson | 1 Hm220dp Adsl Modem | 2025-04-03 | 7.5 HIGH | N/A |
| The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side. | |||||
| CVE-2001-1585 | 1 Openbsd | 1 Openssh | 2025-04-03 | 6.8 MEDIUM | N/A |
| SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. | |||||
| CVE-2006-0374 | 1 Advantage Century Telecommunication | 1 P202s | 2025-04-03 | 7.5 HIGH | N/A |
| Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513). | |||||
| CVE-2005-4861 | 1 Jasio.net | 1 Ragnarok Online Control Panel | 2025-04-03 | 7.5 HIGH | N/A |
| functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function. | |||||
| CVE-2005-3979 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
| relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. | |||||
| CVE-2006-0416 | 1 Sleeperchat | 1 Sleeperchat | 2025-04-03 | 5.0 MEDIUM | N/A |
| SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php. | |||||
| CVE-2004-2736 | 1 Polar Software | 1 Helpdesk | 2025-04-03 | 5.0 MEDIUM | N/A |
| Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie. | |||||
| CVE-2004-2715 | 1 Php Heaven | 1 Phpmychat | 2025-04-03 | 7.5 HIGH | N/A |
| edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. | |||||
| CVE-1999-0366 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
| In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. | |||||
| CVE-2005-4006 | 1 Redgraphic | 1 Sapid Cms | 2025-04-03 | 7.5 HIGH | N/A |
| SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php. | |||||
| CVE-1999-0987 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
| Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. | |||||
| CVE-2006-0633 | 1 Invisionpower | 1 Invision Power Board | 2025-04-03 | 6.4 MEDIUM | N/A |
| The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests. | |||||
| CVE-2006-2636 | 1 Katy Whitton | 1 Newscmslite | 2025-04-03 | 7.5 HIGH | N/A |
| newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ". | |||||
| CVE-2001-0537 | 1 Cisco | 1 Ios | 2025-04-03 | 9.3 HIGH | N/A |
| HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. | |||||
| CVE-2006-3583 | 1 Jetbox | 1 Jetbox Cms | 2025-04-03 | 7.5 HIGH | N/A |
| Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section. | |||||