Total: 2926 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2005-1957 | 1 Adam Mmedici | 1 File Upload Manager | 2016-10-17 | 7.5 HIGH | N/A | mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action.
CVE-2003-1489 | 1 Truegalerie | 1 Truegalerie | 2016-10-17 | 5.0 MEDIUM | N/A | upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
CVE-2016-0883 | 1 Pivotal Software | 1 Operations Manager | 2016-10-03 | 5.0 MEDIUM | 9.8 CRITICAL | Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.
CVE-2016-6159 | 1 Huawei | 2 Ws331a Router, Ws331a Router Firmware | 2016-09-22 | 6.8 MEDIUM | 7.5 HIGH | The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface.
CVE-2016-4966 | 1 Fortinet | 1 Fortiwan | 2016-09-21 | 4.0 MEDIUM | 6.5 MEDIUM | The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter.
CVE-2014-0738 | 1 Cisco | 1 Adaptive Security Appliance Software | 2016-09-09 | 4.3 MEDIUM | N/A | The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770.
CVE-2014-3295 | 1 Cisco | 1 Nx-os | 2016-09-08 | 4.8 MEDIUM | N/A | The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.
CVE-2014-3277 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-09-07 | 4.0 MEDIUM | N/A | The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005.
CVE-2016-1278 | 1 Juniper | 1 Junos | 2016-08-12 | 6.9 MEDIUM | 7.8 HIGH | Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option.
CVE-2014-8764 | 2 Dokuwiki, Mageia Project | 2 Dokuwiki, Mageia | 2016-07-15 | 5.0 MEDIUM | N/A | DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
CVE-2014-8763 | 2 Dokuwiki, Mageia Project | 2 Dokuwiki, Mageia | 2016-07-15 | 5.0 MEDIUM | N/A | DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
CVE-2014-0973 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2016-07-13 | 7.2 HIGH | N/A | The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data.
CVE-2014-4872 | 1 Bmc | 1 Bmc Track-It! | 2016-06-29 | 7.5 HIGH | N/A | BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
CVE-2014-2066 | 1 Jenkins | 1 Jenkins | 2016-06-13 | 6.8 MEDIUM | N/A | Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
CVE-2014-2062 | 1 Jenkins | 1 Jenkins | 2016-06-13 | 6.5 MEDIUM | N/A | Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
CVE-2013-4580 | 1 Gitlab | 1 Gitlab | 2016-05-18 | 6.8 MEDIUM | N/A | GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.
CVE-2016-2300 | 1 Ecava | 1 Integraxor | 2016-04-27 | 6.4 MEDIUM | 6.5 MEDIUM | Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.
CVE-2016-0733 | 1 Apache | 1 Ranger | 2016-04-18 | 7.5 HIGH | 9.8 CRITICAL | The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username.
CVE-2014-1517 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2016-04-04 | 4.0 MEDIUM | N/A | The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.
CVE-2016-2245 | 1 Hp | 1 Support Assistant | 2016-03-22 | 10.0 HIGH | 9.8 CRITICAL | HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.