Total
3371 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0240 | 1 Advantech | 1 Advantech Webaccess | 2024-11-21 | 10.0 HIGH | N/A |
| GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-0239 | 1 Advantech | 1 Advantech Webaccess | 2024-11-21 | 5.0 MEDIUM | N/A |
| uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. | |||||
| CVE-2012-0062 | 1 Redhat | 1 Jboss Operations Network | 2024-11-21 | 5.8 MEDIUM | N/A |
| Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. | |||||
| CVE-2011-5253 | 1 Thegr | 1 Dl | 2024-11-21 | 4.3 MEDIUM | N/A |
| Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by supplying an authorization header. | |||||
| CVE-2011-5100 | 1 Mcafee | 1 Firewall Reporter | 2024-11-21 | 7.5 HIGH | N/A |
| The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. | |||||
| CVE-2011-5090 | 1 Grboard | 1 Grboard | 2024-11-21 | 6.4 MEDIUM | N/A |
| GR Board (aka grboard) 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to (1) mod_rewrite.php, (2) comment_write_ok.php, (3) poll/index.php, (4) update/index.php, (5) trackback.php, or (6) an arbitrary poll.php script under theme/. | |||||
| CVE-2011-5063 | 1 Apache | 1 Tomcat | 2024-11-21 | 4.3 MEDIUM | N/A |
| The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184. | |||||
| CVE-2011-5054 | 1 Kde | 1 Kcheckpass | 2024-11-21 | 6.9 MEDIUM | N/A |
| kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched." | |||||
| CVE-2011-5053 | 1 Wi-fi | 1 Wifi Protected Setup Protocol | 2024-11-21 | 5.8 MEDIUM | N/A |
| The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages. | |||||
| CVE-2011-4973 | 1 Mod Nss Project | 1 Mod Nss | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password. | |||||
| CVE-2011-4860 | 1 Schneider-electric | 3 Quantum Ethernet Module 140noe77100, Quantum Ethernet Module 140noe77101, Quantum Ethernet Module 140noe77111 | 2024-11-21 | 10.0 HIGH | N/A |
| The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message. | |||||
| CVE-2011-4677 | 1 Oneclickorgs | 1 One Click Orgs | 2024-11-21 | 7.5 HIGH | N/A |
| One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2011-4644 | 1 Splunk | 1 Splunk | 2024-11-21 | 9.3 HIGH | N/A |
| Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. | |||||
| CVE-2011-4628 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | |||||
| CVE-2011-4590 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | N/A |
| The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server. | |||||
| CVE-2011-4514 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2024-11-21 | 10.0 HIGH | N/A |
| The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. | |||||
| CVE-2011-4508 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2024-11-21 | 9.3 HIGH | N/A |
| The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. | |||||
| CVE-2011-4338 | 1 Shaman Project | 1 Shaman | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password. | |||||
| CVE-2011-4214 | 1 Oneorzero | 1 Aims | 2024-11-21 | 10.0 HIGH | N/A |
| OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie. | |||||
| CVE-2011-4091 | 3 Armin Burgmeier, Opensuse, Oracle | 3 Net6, Opensuse, Solaris | 2024-11-21 | 5.0 MEDIUM | N/A |
| The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. | |||||