Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-26 | CVE-2007-5113 | Improper Authentication vulnerability in ROI Revolution Urchin report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112. | 5.0 |
| 2007-09-26 | CVE-2007-5085 | Improper Authentication vulnerability in Apache Geronimo 2.0.1/2.1 Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors. | 5.0 |
| 2007-09-24 | CVE-2007-5057 | Improper Authentication vulnerability in Netsupport Manager Client NetSupport Manager Client before 10.20.0004 allows remote attackers to bypass the (1) basic and (2) authentication schemes by spoofing the NetSupport Manager. | 10.0 |
| 2007-09-20 | CVE-2007-5008 | Improper Authentication vulnerability in HP Hp-Ux 11.11/11.23/11.31 The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected. | 9.0 |
| 2007-09-06 | CVE-2007-4747 | Improper Authentication vulnerability in Cisco products The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require authentication, which allows remote attackers to perform administrative actions, aka CSCsj31729. | 10.0 |
| 2007-08-31 | CVE-2007-4632 | Improper Authentication vulnerability in Cisco IOS 12.2E/12.2F/12.2S Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105. | 4.3 |
| 2007-08-27 | CVE-2007-4548 | Improper Authentication vulnerability in Apache Geronimo 2.0 The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module. | 10.0 |
| 2007-08-20 | CVE-2007-4438 | Improper Authentication vulnerability in Ampache Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. | 6.8 |
| 2007-08-18 | CVE-2007-4419 | Improper Authentication vulnerability in Olate Olatedownload 3.4.1 Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area. | 9.3 |
| 2007-08-15 | CVE-2007-4364 | Improper Authentication vulnerability in Fedoraproject Commons Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. | 8.5 |