Vulnerabilities > Improper Authentication

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2008-09-04 | CVE-2008-3905 | Improper Authentication vulnerability in Ruby-Lang Ruby | resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | ruby-lang, CWE-287 | network, 5.8 |
| 2008-09-03 | CVE-2008-3891 | Improper Authentication vulnerability in Google Apps | The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | google, CWE-287 | network, low complexity, 7.5 |
| 2008-08-27 | CVE-2008-3738 | Improper Authentication vulnerability in Spacetag Lacoodast | Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | spacetag, CWE-287 | network, 6.8 |
| 2008-08-20 | CVE-2008-3729 | Improper Authentication vulnerability in Microworld Technologies Mailscan 5.6.A | Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie. | microworld-technologies, CWE-287 | network, low complexity, 7.5 |
| 2008-08-18 | CVE-2008-3703 | Improper Authentication vulnerability in Symantec Veritas Storage Foundation 5.0/5.1 | The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. | symantec, CWE-287 | network, low complexity, critical, 10.0 |
| 2008-08-10 | CVE-2008-3579 | Improper Authentication vulnerability in Calacode Atmail 5.41 | Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. | linux, calacode, CWE-287 | network, low complexity, 7.8 |
| 2008-08-06 | CVE-2008-3504 | Improper Authentication vulnerability in Mpfm Mask PHP File Manager | Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies." | mpfm, CWE-287 | network, low complexity, 7.5 |
| 2008-08-06 | CVE-2008-3503 | Improper Authentication vulnerability in Webgui Plain Black Webgui | RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data). | webgui, CWE-287 | network, low complexity, 5.0 |
| 2008-07-31 | CVE-2008-3428 | Improper Authentication vulnerability in PHPfreechat 1.0/1.1 | Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter. | phpfreechat, CWE-287 | network, low complexity, 6.5 |
| 2008-07-31 | CVE-2008-3425 | Improper Authentication vulnerability in SUN products | Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors. | sun, CWE-287 | network, low complexity, 6.5 |