Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-02 | CVE-2007-1160 | Improper Authentication vulnerability in Webspell 4.0 webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | 10.0 |
2007-02-22 | CVE-2007-1062 | Improper Authentication vulnerability in Cisco products The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time | 10.0 |
2007-02-12 | CVE-2006-6997 | Improper Authentication vulnerability in Mailenable Enterprise and Mailenable Standard Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. | 10.0 |
2007-01-23 | CVE-2007-0435 | Improper Authentication vulnerability in T-Com Speedport 500V and Speedport 500V Firmware T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value. | 7.5 |
2006-12-28 | CVE-2006-6783 | Improper Authentication vulnerability in Logahead UNU 1.0 logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. | 7.5 |
2006-12-23 | CVE-2006-6705 | Improper Authentication vulnerability in Soumu products Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors. | 5.0 |
2006-08-25 | CVE-2006-2113 | Improper Authentication vulnerability in multiple products The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. | 6.4 |
2006-08-08 | CVE-2006-3583 | Improper Authentication vulnerability in Jetbox CMS 2.1Sr1 Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section. | 7.5 |
2006-06-13 | CVE-2006-2380 | Improper Authentication vulnerability in Microsoft Windows 2000 Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability." | 4.3 |
2006-05-30 | CVE-2006-2636 | Improper Authentication vulnerability in Katy Whitton Newscmslite newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ". | 7.5 |