Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0351 | 1 Evilsentinel | 1 Evilsentinel | 2017-09-28 | 5.0 MEDIUM | N/A |
| admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php. | |||||
| CVE-2008-1727 | 1 Myknowledgequest | 1 Knowledgequest | 2017-09-28 | 7.5 HIGH | N/A |
| KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts. | |||||
| CVE-2007-5008 | 1 Hp | 1 Hp-ux | 2017-09-28 | 9.0 HIGH | N/A |
| The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected. | |||||
| CVE-2007-5770 | 1 Ruby-lang | 1 Ruby | 2017-09-28 | 5.0 MEDIUM | N/A |
| The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. | |||||
| CVE-2007-6234 | 1 Ftp Admin | 1 Ftp Admin | 2017-09-28 | 10.0 HIGH | N/A |
| index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account. | |||||
| CVE-2007-5374 | 1 Lightblog | 1 Lightblog | 2017-09-28 | 6.5 MEDIUM | N/A |
| cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account. | |||||
| CVE-2014-9611 | 1 Netsweeper | 1 Netsweeper | 2017-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. | |||||
| CVE-2015-1330 | 2 Canonical, Debian | 2 Ubuntu Linux, Unattended-upgrades | 2017-09-21 | 6.8 MEDIUM | N/A |
| unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors. | |||||
| CVE-2015-3775 | 1 Apple | 1 Mac Os X | 2017-09-20 | 7.2 HIGH | N/A |
| Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors. | |||||
| CVE-2015-1486 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-20 | 7.5 HIGH | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | |||||
| CVE-2014-9624 | 1 Mantisbt | 1 Mantisbt | 2017-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| CAPTCHA bypass vulnerability in MantisBT before 1.2.19. | |||||
| CVE-2015-6266 | 1 Cisco | 1 Identity Services Engine Software | 2017-09-19 | 5.0 MEDIUM | N/A |
| The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. | |||||
| CVE-2013-0910 | 1 Google | 1 Chrome | 2017-09-18 | 7.5 HIGH | N/A |
| Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in. | |||||
| CVE-2010-4488 | 1 Google | 1 Chrome | 2017-09-18 | 5.0 MEDIUM | N/A |
| Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2010-4478 | 1 Openbsd | 1 Openssh | 2017-09-18 | 7.5 HIGH | N/A |
| OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. | |||||
| CVE-2010-1820 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-09-18 | 6.8 MEDIUM | N/A |
| Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name. | |||||
| CVE-2009-4670 | 1 Beaussier | 1 Roomphplanning | 2017-09-18 | 7.5 HIGH | N/A |
| admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter. | |||||
| CVE-2009-4671 | 1 Beaussier | 1 Roomphplanning | 2017-09-18 | 7.5 HIGH | N/A |
| Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account. | |||||
| CVE-2009-4657 | 1 Omidrouhani | 1 Xerver | 2017-09-18 | 7.5 HIGH | N/A |
| The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1. | |||||
| CVE-2009-4675 | 1 Mole-group | 1 Gastro Portal \(restaurant Directory\) Script | 2017-09-18 | 7.5 HIGH | N/A |
| admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission. | |||||