Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-13 | CVE-2008-6716 | Improper Authentication vulnerability in Preprojects PRE ADS Portal: homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request. | 7.5 |
2009-04-10 | CVE-2008-6714 | Improper Authentication vulnerability in Xecms Project Xecms 1.0.0: admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie. | 7.5 |
2009-04-10 | CVE-2008-6707 | Improper Authentication vulnerability in Avaya Communication Manager and SIP Enablement Services: The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help." | 6.4 |
2009-04-09 | CVE-2009-1155 | Improper Authentication vulnerability in Cisco Adaptive Security Appliance 5500 and PIX: Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors. | 7.8 |
2009-04-08 | CVE-2008-6667 | Improper Authentication vulnerability in Marc Melvin A+ PHP Scripts News Management System: A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1. | 7.5 |
2009-04-02 | CVE-2008-6581 | Improper Authentication vulnerability in PHPaddedit 1.3: login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. | 7.5 |
2009-03-31 | CVE-2003-1570 | Improper Authentication vulnerability in IBM Tivoli Storage Manager: The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure." | 3.5 |
2009-03-31 | CVE-2008-6569 | Improper Authentication vulnerability in Cybozu Garoon: Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page. | 6.8 |
2009-03-31 | CVE-2009-0892 | Improper Authentication vulnerability in IBM Websphere Application Server: The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout. | 5.5 |
2009-03-30 | CVE-2008-6553 | Improper Authentication vulnerability in Impliedbydesign Micro-Cms: microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action. | 7.5 |