Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-01-09 | CVE-2013-0625 | Improper Authentication vulnerability in Adobe Coldfusion 9.0/9.0.1/9.0.2 | Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. | 9.8 |
2013-01-03 | CVE-2012-4545 | Improper Authentication vulnerability in Elinks 0.12 | The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials. | 5.1 |
2012-12-31 | CVE-2012-4688 | Improper Authentication vulnerability in I-Gen Oplynx 2.01.8 | The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support. | 7.5 |
2012-12-24 | CVE-2012-5930 | Improper Authentication vulnerability in Microfocus Privileged User Manager 2.3.0/2.3.1 | The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request. | 6.4 |
2012-12-21 | CVE-2012-3002 | Improper Authentication vulnerability in multiple products | The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL. | 10.0 |
2012-12-04 | CVE-2012-6067 | Improper Authentication vulnerability in Freeftpd | freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. | 10.0 |
2012-12-04 | CVE-2012-6066 | Improper Authentication vulnerability in Freesshd 1.2.1/1.2.2/1.2.6 | freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. | 9.3 |
2012-12-04 | CVE-2012-5975 | Improper Authentication vulnerability in SSH Tectia Server | The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c. | 9.3 |
2012-12-03 | CVE-2012-5858 | Improper Authentication vulnerability in Samsung Kies AIR 2.1.207051/2.1.210161 | Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address. | 4.3 |
2012-11-27 | CVE-2012-4614 | Improper Authentication vulnerability in EMC IT Operations Intelligence 9.0 | The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session. | 9.3 |