Total
3369 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0633 | 1 Invisionpower | 1 Invision Power Board | 2024-11-21 | 6.4 MEDIUM | N/A |
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests. | |||||
CVE-2006-0416 | 1 Sleeperchat | 1 Sleeperchat | 2024-11-21 | 5.0 MEDIUM | N/A |
SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php. | |||||
CVE-2006-0374 | 1 Advantage Century Telecommunication | 1 P202s | 2024-11-21 | 7.5 HIGH | N/A |
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513). | |||||
CVE-2005-4861 | 1 Jasio.net | 1 Ragnarok Online Control Panel | 2024-11-21 | 7.5 HIGH | N/A |
functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function. | |||||
CVE-2005-4851 | 1 Ez | 1 Ez Publish | 2024-11-21 | 4.0 MEDIUM | N/A |
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects. | |||||
CVE-2005-4006 | 1 Redgraphic | 1 Sapid Cms | 2024-11-21 | 7.5 HIGH | N/A |
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php. | |||||
CVE-2005-3979 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-11-21 | 5.0 MEDIUM | N/A |
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. | |||||
CVE-2005-1957 | 1 Adam Mmedici | 1 File Upload Manager | 2024-11-20 | 7.5 HIGH | N/A |
mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action. | |||||
CVE-2005-1020 | 1 Cisco | 1 Ios | 2024-11-20 | 7.1 HIGH | N/A |
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | |||||
CVE-2004-2736 | 1 Polar Software | 1 Helpdesk | 2024-11-20 | 5.0 MEDIUM | N/A |
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie. | |||||
CVE-2004-2734 | 1 Novell | 1 Netware | 2024-11-20 | 10.0 HIGH | N/A |
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. | |||||
CVE-2004-2724 | 1 Lionmax Software | 1 Chat Anywhere | 2024-11-20 | 7.1 HIGH | N/A |
LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character. | |||||
CVE-2004-2715 | 1 Php Heaven | 1 Phpmychat | 2024-11-20 | 7.5 HIGH | N/A |
edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. | |||||
CVE-2004-2182 | 1 Macromedia | 1 Jrun | 2024-11-20 | 7.5 HIGH | N/A |
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | |||||
CVE-2004-1760 | 2 Cisco, Ibm | 17 Call Manager, Conference Connection, Emergency Responder and 14 more | 2024-11-20 | 10.0 HIGH | N/A |
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. | |||||
CVE-2003-1574 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-20 | 7.5 HIGH | N/A |
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information. | |||||
CVE-2003-1570 | 1 Ibm | 1 Tivoli Storage Manager | 2024-11-20 | 3.5 LOW | N/A |
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure." | |||||
CVE-2003-1489 | 1 Truegalerie | 1 Truegalerie | 2024-11-20 | 5.0 MEDIUM | N/A |
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery. | |||||
CVE-2003-1475 | 1 Netbus | 1 Netbus | 2024-11-20 | 6.8 MEDIUM | N/A |
Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access. | |||||
CVE-2003-1442 | 1 Ericsson | 1 Hm220dp Adsl Modem | 2024-11-20 | 7.5 HIGH | N/A |
The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side. |