Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-01-08 | CVE-2014-9578 | Improper Authentication vulnerability in Vdgsecurity VDG Sense 2.3.13: VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password hash. | 5.0 |
2014-12-27 | CVE-2013-4793 | Improper Authentication vulnerability in Umbraco CMS: The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request. | 7.5 |
2014-12-22 | CVE-2014-8896 | Improper Authentication vulnerability in IBM products: The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors. | 4.0 |
2014-12-17 | CVE-2014-8006 | Improper Authentication vulnerability in Cisco Isb8320-E High-Definition Ip-Only DVR: The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422. | 4.3 |
2014-12-10 | CVE-2014-7879 | Improper Authentication vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31: HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors. | 8.5 |
2014-12-10 | CVE-2014-7807 | Improper Authentication vulnerability in Apache Cloudstack: Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. | 5.0 |
2014-12-08 | CVE-2014-9217 | Improper Authentication vulnerability in Torch Gmbh Graylog2: Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards. | 5.0 |
2014-12-08 | CVE-2014-4631 | Improper Authentication vulnerability in EMC RSA Adaptive Authentication On-Premise 6.0.2.1/7.0/7.1: RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. | 5.0 |
2014-12-06 | CVE-2014-9278 | Improper Authentication vulnerability in Openbsd Openssh: The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. | 4.0 |
2014-12-02 | CVE-2014-9184 | Improper Authentication vulnerability in ZTE Zxdsl 831Cii: ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. | 5.0 |