Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-4861 | Improper Authentication vulnerability in Jasio.Net Ragnarok Online Control Panel 4.3.4A functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function. | 7.5 |
| 2005-12-31 | CVE-2005-4851 | Improper Authentication vulnerability in EZ Publish eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects. | 4.0 |
| 2005-12-03 | CVE-2005-3979 | Improper Authentication vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.4/1.4.2 relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. | 5.0 |
| 2005-06-12 | CVE-2005-1957 | Improper Authentication vulnerability in Adam Mmedici File Upload Manager mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action. | 7.5 |
| 2005-05-02 | CVE-2005-1020 | Improper Authentication vulnerability in Cisco IOS Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | 7.1 |
| 2004-12-31 | CVE-2004-2736 | Improper Authentication vulnerability in Polar Software Helpdesk 3.0 Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie. | 5.0 |
| 2004-12-31 | CVE-2004-2734 | Improper Authentication vulnerability in Novell Netware 6.5 webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. | 10.0 |
| 2004-12-31 | CVE-2004-2724 | Improper Authentication vulnerability in Lionmax Software Chat Anywhere 2.72A LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character. | 7.1 |
| 2004-12-31 | CVE-2004-2715 | Improper Authentication vulnerability in PHP Heaven PHPmychat 0.14.5 edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. | 7.5 |
| 2004-12-31 | CVE-2004-2182 | Improper Authentication vulnerability in Macromedia Jrun 4.0/4.0Build61650 Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | 7.5 |