Vulnerabilities (CVE)

Filtered by CWE-287
Total 3371 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9278 2 Openbsd, Redhat 3 Openssh, Enterprise Linux, Fedora 2024-11-21 4.0 MEDIUM N/A
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
CVE-2014-9217 1 Torch Gmbh 1 Graylog2 2024-11-21 5.0 MEDIUM N/A
Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards.
CVE-2014-9184 1 Zte 1 Zxdsl 2024-11-21 5.0 MEDIUM N/A
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.
CVE-2014-9045 1 Owncloud 1 Owncloud 2024-11-21 5.0 MEDIUM N/A
The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.
CVE-2014-9043 1 Owncloud 1 Owncloud 2024-11-21 5.0 MEDIUM N/A
The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.
CVE-2014-8896 1 Ibm 2 Infosphere Master Data Management Collaborative Server, Infosphere Master Data Management Server For Product Information Management 2024-11-21 4.0 MEDIUM N/A
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors.
CVE-2014-8764 2 Dokuwiki, Mageia Project 2 Dokuwiki, Mageia 2024-11-21 5.0 MEDIUM N/A
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
CVE-2014-8763 2 Dokuwiki, Mageia Project 2 Dokuwiki, Mageia 2024-11-21 5.0 MEDIUM N/A
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
CVE-2014-8650 2 Debian, Requests-kerberos Project 2 Debian Linux, Requests-kerberos 2024-11-21 7.5 HIGH 9.8 CRITICAL
python-requests-Kerberos through 0.5 does not handle mutual authentication.
CVE-2014-8522 1 Mcafee 1 Network Data Loss Prevention 2024-11-21 7.5 HIGH N/A
The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access.
CVE-2014-8472 1 Ca 1 Cloud Service Management 2024-11-21 6.8 MEDIUM N/A
CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2014-8424 1 Arris 1 Vap2500 Firmware 2024-11-21 7.8 HIGH N/A
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.
CVE-2014-8347 1 Claris 2 Filemaker Pro, Filemaker Pro Advanced 2024-11-21 4.6 MEDIUM 7.8 HIGH
An authentication bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in FileMaker Pro 13.03 and FileMaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.
CVE-2014-8329 1 Schrack 2 Technik Microcontrol, Technik Microcontrol Firmware 2024-11-21 10.0 HIGH N/A
Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.
CVE-2014-8180 2 Mongodb, Redhat 2 Mongodb, Satellite 2024-11-21 2.1 LOW 5.5 MEDIUM
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
CVE-2014-8088 1 Zend 1 Zend Framework 2024-11-21 5.0 MEDIUM N/A
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allow remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
CVE-2014-8033 1 Cisco 1 Webex Meetings Server 2024-11-21 5.0 MEDIUM N/A
The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421.
CVE-2014-8006 1 Cisco 1 Isb8320-e High-definition Ip-only Dvr 2024-11-21 4.3 MEDIUM N/A
The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422.
CVE-2014-7879 1 Hp 1 Hp-ux 2024-11-21 8.5 HIGH N/A
HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.
CVE-2014-7860 2 D-link, Dlink 4 Dns-320l Firmware, Dns-327l Firmware, Dns-320l and 1 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.