Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-12-19 | CVE-2013-5426 | Improper Authentication vulnerability in IBM products: Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors. | 4.9 |
2013-12-14 | CVE-2013-4001 | Improper Authentication vulnerability in IBM Cognos Command Center 10.0/10.1: Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. | 4.3 |
2013-12-14 | CVE-2013-1364 | Improper Authentication vulnerability in Zabbix: The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. | 5.0 |
2013-12-13 | CVE-2013-7093 | Improper Authentication vulnerability in SAP Network Interface Router 39.3: SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | 5.0 |
2013-12-09 | CVE-2013-6171 | Improper Authentication vulnerability in Dovecot: checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server. | 5.8 |
2013-12-07 | CVE-2013-6920 | Improper Authentication vulnerability in Siemens products: Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. | 10.0 |
2013-12-07 | CVE-2013-6634 | Improper Authentication vulnerability in Google Chrome: The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. | 6.8 |
2013-11-23 | CVE-2013-6859 | Improper Authentication vulnerability in Sybase Adaptive Server Enterprise 15.0.3/15.5/15.7: SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. | 8.5 |
2013-11-20 | CVE-2013-6828 | Improper Authentication vulnerability in Pineapp Mail-Secure: admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter. | 6.4 |
2013-11-05 | CVE-2013-4435 | Improper Authentication vulnerability in Saltstack Salt: Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine. | 6.0 |