Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2010-07-12 | CVE-2009-4929 | Improper Authentication vulnerability in Sweetphp Totalcalender 2.4 | admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters. | 7.5 |
2010-07-12 | CVE-2009-4927 | Improper Authentication vulnerability in Webmobo Wbnews 2.1.2 | WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. | 7.5 |
2010-07-08 | CVE-2010-2668 | Improper Authentication vulnerability in Adaptivedisplays products | Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors. | 6.4 |
2010-07-06 | CVE-2010-1670 | Improper Authentication vulnerability in Mahara | Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. | 7.5 |
2010-07-02 | CVE-2010-2620 | Improper Authentication vulnerability in Open-Ftpd 1.0 | Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first. | 9.3 |
2010-06-25 | CVE-2009-4909 | Improper Authentication vulnerability in Dootzky Oblog | admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests. | 6.8 |
2010-06-17 | CVE-2010-1375 | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server | NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors. | 7.2 |
2010-06-17 | CVE-2008-4389 | Improper Authentication vulnerability in Symantec Appstream and Workspace Streaming | Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle attackers to download arbitrary executable files onto a client system, and execute these files, via unspecified vectors. | 9.3 |
2010-06-03 | CVE-2010-2149 | Improper Authentication vulnerability in Fujitsu E-Pares | Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors. | 4.0 |
2010-05-26 | CVE-2010-2026 | Improper Authentication vulnerability in Cisco Scientific Atlanta Webstar Dpc2100R2 2.0.2R1256060303 | The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page. | 6.4 |