Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK |
---|---|---|---|
2007-11-27 | CVE-2007-6145 | Improper Authentication vulnerability in Hitachi JP1 File Transmission Server: Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors. | 5.0 |
2007-11-26 | CVE-2007-6130 | Improper Authentication vulnerability in GNU Gnump3D 2.9: gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | 5.0 |
2007-11-16 | CVE-2007-6011 | Improper Authentication vulnerability in BUG Software Bughotel Reservation System: Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. | 10.0 |
2007-11-15 | CVE-2007-6006 | Improper Authentication vulnerability in Testlink: TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. | 10.0 |
2007-11-15 | CVE-2007-4693 | Improper Authentication vulnerability in Apple Mac OS X and Mac OS X Server: The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." | 7.2 |
2007-11-15 | CVE-2007-4680 | Improper Authentication vulnerability in Apple Mac OS X: CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. | 6.8 |
2007-11-15 | CVE-2007-4692 | Improper Authentication vulnerability in Apple Safari: The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | 4.3 |
2007-11-14 | CVE-2007-5770 | Improper Authentication vulnerability in Ruby-Lang Ruby 1.8.5/1.8.6: The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. | 5.0 |
2007-11-10 | CVE-2007-5913 | Improper Authentication vulnerability in Jean Charles JBC Explorer: dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters. | 6.8 |
2007-11-03 | CVE-2007-5797 | Improper Authentication vulnerability in Apache Geronimo: SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. | 7.5 |