Vulnerabilities > Improper Authentication

DATE | CVE | VULNERABILITY TITLE | RISK

2011-12-24 | CVE-2011-3372 | Improper Authentication vulnerability in Cyrus Imapd | 7.5
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
Tags: network, low complexity, cyrus, CWE-287

2011-12-17 | CVE-2011-4860 | Improper Authentication vulnerability in Schneider-Electric products | critical 10.0
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message.
Tags: network, low complexity, schneider-electric, CWE-287

2011-12-06 | CVE-2011-4677 | Improper Authentication vulnerability in Oneclickorgs ONE Click Orgs | 7.5
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Tags: network, low complexity, oneclickorgs, CWE-287

2011-12-05 | CVE-2011-4051 | Improper Authentication vulnerability in Indusoft web Studio 6.1/7.0 | critical 10.0
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
Tags: network, low complexity, indusoft, CWE-287

2011-11-28 | CVE-2011-1372 | Improper Authentication vulnerability in IBM products | 6.8
The Web User Interface on the IBM TS3100 and TS3200 tape libraries with firmware before A.60 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.
Tags: network, ibm, CWE-287

2011-11-09 | CVE-2011-3997 | Improper Authentication vulnerability in Opengear products | 7.5
Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors.
Tags: network, low complexity, opengear, CWE-287

2011-11-03 | CVE-2011-2676 | Improper Authentication vulnerability in Ark-Web products | 5.5
The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors.
Tags: network, low complexity, ark-web, six-apart, CWE-287

2011-11-01 | CVE-2011-4214 | Improper Authentication vulnerability in Oneorzero Aims 2.7.0 | critical 10.0
OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie.
Tags: network, low complexity, oneorzero, CWE-287

2011-10-06 | CVE-2011-3297 | Improper Authentication vulnerability in Cisco products | 7.8
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697.
Tags: network, low complexity, cisco, CWE-287

2011-09-23 | CVE-2011-2766 | Improper Authentication vulnerability in multiple products | 7.5
The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.
Tags: network, low complexity, fast-cgi-project, debian, CWE-287