Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-31 | CVE-2007-5752 | Improper Authentication vulnerability in Agtc Websolutions PHP-Agtc Membership System 1.1A adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges. | 7.5 |
| 2007-10-30 | CVE-2007-5714 | Improper Authentication vulnerability in Gentoo Mldonkey Ebuild 2.9.0 The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | 6.8 |
| 2007-10-18 | CVE-2007-5578 | Improper Authentication vulnerability in Secureideas Basic Analysis and Security Engine 1.3.6 Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors. | 7.5 |
| 2007-10-12 | CVE-2007-5391 | Improper Authentication vulnerability in HP Select Identity Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors. | 10.0 |
| 2007-10-12 | CVE-2007-5383 | Improper Authentication vulnerability in multiple products The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. | 10.0 |
| 2007-10-11 | CVE-2007-5374 | Improper Authentication vulnerability in Lightblog 8.4.1.1 cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account. | 6.5 |
| 2007-10-01 | CVE-2007-5006 | Improper Authentication vulnerability in multiple products Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores. | 10.0 |
| 2007-10-01 | CVE-2007-5162 | Improper Authentication vulnerability in Ruby-Lang Ruby 1.8.5/1.8.6 The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. | 4.3 |
| 2007-10-01 | CVE-2007-5152 | Improper Authentication vulnerability in SUN products Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. | 7.5 |
| 2007-09-27 | CVE-2007-3754 | Improper Authentication vulnerability in Apple Iphone and Iphone OS Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack. | 4.3 |