Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2008-10-09 CVE-2008-4515 Improper Authentication vulnerability in Blue Coat Systems K9 Web Protection 4.0.230
Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.
network
low complexity
blue-coat-systems CWE-287
7.5
2008-10-08 CVE-2008-3814 Improper Authentication vulnerability in Cisco Unity
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.
network
cisco CWE-287
5.8
2008-10-03 CVE-2008-4427 Improper Authentication vulnerability in Phlatline Personal Information Manager
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
network
low complexity
phlatline CWE-287
7.5
2008-09-29 CVE-2008-4319 Improper Authentication vulnerability in Libra File Manager PHP Filemanager
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
network
low complexity
libra-file-manager CWE-287
6.4
2008-09-25 CVE-2008-4244 Improper Authentication vulnerability in Rianxosencabos CMS Rianxosencabos CMS 0.9
Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1.
network
low complexity
rianxosencabos-cms CWE-287
7.5
2008-09-24 CVE-2008-4146 Improper Authentication vulnerability in Addalink
Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.
network
low complexity
addalink CWE-287
5.0
2008-09-22 CVE-2008-4167 Improper Authentication vulnerability in Ezphotogallery 2.1
useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.
network
low complexity
ezphotogallery CWE-287
6.4
2008-09-16 CVE-2008-3611 Improper Authentication vulnerability in Apple Mac OS X and Mac OS X Server
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
local
apple CWE-287
6.3
2008-09-16 CVE-2008-3610 Improper Authentication vulnerability in Apple Mac OS X and Mac OS X Server
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and log in to any account via multiple attempts to log in to the blank-password account, followed by selection of an arbitrary account from the user list.
network
high complexity
apple CWE-287
7.6
2008-09-15 CVE-2008-4081 Improper Authentication vulnerability in Stash 1.0.3
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.
network
low complexity
stash CWE-287
7.5