Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-01-31 | CVE-2011-0688 | Improper Authentication vulnerability in Symantec products. Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. | 9.3 |
2011-01-18 | CVE-2011-0489 | Improper Authentication vulnerability in Objectivity Objectivity/DB 10.0. The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. | 7.5 |
2010-12-22 | CVE-2010-4591 | Improper Authentication vulnerability in IBM Lotus Mobile Connect. The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch. | 4.4 |
2010-12-22 | CVE-2010-4573 | Improper Authentication vulnerability in VMware ESXi 4.1. The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password. | 9.3 |
2010-12-22 | CVE-2010-3905 | Improper Authentication vulnerability in Eucalyptus 2.0.0/2.0.1. The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users. | 7.5 |
2010-12-22 | CVE-2010-4333 | Improper Authentication vulnerability in Pangramsoft Pointter PHP Micro-Blogging Social Network 1.8. Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | 7.5 |
2010-12-22 | CVE-2010-4332 | Improper Authentication vulnerability in Pangramsoft Pointter PHP Content Management System 1.0. Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | 7.5 |
2010-12-07 | CVE-2010-4488 | Improper Authentication vulnerability in Google Chrome. Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 5.0 |
2010-12-02 | CVE-2010-4279 | Improper Authentication vulnerability in Artica Pandora FMS. The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter. | 10.0 |
2010-11-17 | CVE-2010-3868 | Improper Authentication vulnerability in Red Hat Certificate System and Dogtag Certificate System. Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component. | 5.8 |