Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-12-14 | CVE-2013-1364 | Improper Authentication vulnerability in Zabbix | The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. | 5.0 |
2013-12-13 | CVE-2013-7093 | Improper Authentication vulnerability in SAP Network Interface Router 39.3 | SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | 5.0 |
2013-12-09 | CVE-2013-6171 | Improper Authentication vulnerability in Dovecot | checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server. | 5.8 |
2013-12-07 | CVE-2013-6920 | Improper Authentication vulnerability in Siemens products | Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. | 10.0 |
2013-12-07 | CVE-2013-6634 | Improper Authentication vulnerability in Google Chrome | The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. | 6.8 |
2013-11-23 | CVE-2013-6859 | Improper Authentication vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7 | SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. | 8.5 |
2013-11-20 | CVE-2013-6828 | Improper Authentication vulnerability in Pineapp Mail-Secure | admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter. | 6.4 |
2013-11-05 | CVE-2013-4435 | Improper Authentication vulnerability in Saltstack Salt | Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine. | 6.0 |
2013-11-02 | CVE-2013-6347 | Improper Authentication vulnerability in Novell Zenworks Configuration Management | Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors. | 6.8 |
2013-10-28 | CVE-2013-6012 | Improper Authentication vulnerability in Juniper Junos 12.1X44/12.1X45 | Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. | 8.5 |