Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-09-04 | CVE-2008-3905 | Improper Authentication vulnerability in Ruby-Lang Ruby | resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | 5.8 |
2008-09-03 | CVE-2008-3891 | Improper Authentication vulnerability in Google Apps | The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | 7.5 |
2008-08-27 | CVE-2008-3738 | Improper Authentication vulnerability in Spacetag Lacoodast | Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | 6.8 |
2008-08-20 | CVE-2008-3729 | Improper Authentication vulnerability in Microworld Technologies Mailscan 5.6.A | Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie. | 7.5 |
2008-08-18 | CVE-2008-3703 | Improper Authentication vulnerability in Symantec Veritas Storage Foundation 5.0/5.1 | The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. | 10.0 |
2008-08-10 | CVE-2008-3579 | Improper Authentication vulnerability in Calacode Atmail 5.41 | Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. | 7.8 |
2008-08-06 | CVE-2008-3504 | Improper Authentication vulnerability in Mpfm Mask PHP File Manager | Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies." | 7.5 |
2008-08-06 | CVE-2008-3503 | Improper Authentication vulnerability in Webgui Plain Black Webgui | RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data). | 5.0 |
2008-07-31 | CVE-2008-3428 | Improper Authentication vulnerability in PHPfreechat 1.0/1.1 | Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter. | 6.5 |
2008-07-31 | CVE-2008-3425 | Improper Authentication vulnerability in SUN products | Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors. | 6.5 |