Vulnerabilities: Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2014-08-26 CVE-2014-0482 Improper Authentication vulnerability in multiple products
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
6.0
2014-08-25 CVE-2014-4325 Improper Authentication vulnerability in Little Kernel Project Little Kernel Bootloader
The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image.
local
low complexity
little-kernel-project CWE-287
7.2
2014-08-25 CVE-2014-0973 Improper Authentication vulnerability in Little Kernel Project Little Kernel Bootloader
The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data.
local
low complexity
little-kernel-project CWE-287
7.2
2014-08-21 CVE-2014-5385 Improper Authentication vulnerability in Shopizer 1.1.5
com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack.
network
low complexity
shopizer CWE-287
5.0
2014-07-31 CVE-2014-5175 Improper Authentication vulnerability in SAP Solution Manager 7.1
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.
network
low complexity
sap CWE-287
7.5
2014-07-29 CVE-2014-3895 Improper Authentication vulnerability in Iodata products
The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors.
network
low complexity
iodata CWE-287
6.4
2014-07-29 CVE-2014-3552 Improper Authentication vulnerability in Moodle
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction.
network
moodle CWE-287
6.0
2014-07-27 CVE-2014-4725 Improper Authentication vulnerability in Mailpoet Newsletters
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
network
low complexity
mailpoet CWE-287
7.5
2014-07-14 CVE-2014-2955 Improper Authentication vulnerability in Raritan Dpxr20A-16 and PX
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
network
low complexity
raritan CWE-287
critical
10.0
2014-07-11 CVE-2013-6117 Improper Authentication vulnerability in Dahuasecurity DVR Firmware 2.608.0000.0/2.608.Gv00.0
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
network
low complexity
dahuasecurity CWE-287
7.5