Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-04-11 | CVE-2013-1155 | Improper Authentication vulnerability in Cisco Firewall Services Module Software | The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(20.1), 4.0 before 4.0(15.2), and 4.1 before 4.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCtg02624. | 7.8 |
2013-04-02 | CVE-2013-2743 | Improper Authentication vulnerability in Ithemes Backupbuddy | importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter. | 7.5 |
2013-04-02 | CVE-2013-2741 | Improper Authentication vulnerability in Ithemes Backupbuddy | importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request. | 7.5 |
2013-03-29 | CVE-2013-1080 | Improper Authentication vulnerability in Novell Zenworks Configuration Management 10.3/11.2 | The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. | 10.0 |
2013-03-28 | CVE-2013-0935 | Improper Authentication vulnerability in EMC Smarts Network Configuration Manager 9.1 | EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2013-03-27 | CVE-2013-0258 | Improper Authentication vulnerability in Google Authenticator Login Project GA Login 7.X1.0/7.X1.1/7.X1.2 | The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username. | 6.8 |
2013-03-27 | CVE-2013-0487 | Improper Authentication vulnerability in IBM Lotus Domino | The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. | 8.5 |
2013-03-14 | CVE-2012-4446 | Improper Authentication vulnerability in Apache Qpid | The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request. | 6.8 |
2013-03-08 | CVE-2012-4066 | Improper Authentication vulnerability in Eucalyptus | The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots. | 5.0 |
2013-02-27 | CVE-2013-1134 | Improper Authentication vulnerability in Cisco Unified Communications Manager 9.0(1) | The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920. | 7.1 |