Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-15 | CVE-2006-2369 | Improper Authentication vulnerability in VNC Realvnc 4.1.1: RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password. | 7.5 |
2006-05-05 | CVE-2006-2224 | Improper Authentication vulnerability in Quagga Routing Software Suite: RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. | 5.0 |
2006-03-14 | CVE-2006-1228 | Improper Authentication vulnerability in Drupal: Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier. | 5.1 |
2006-02-10 | CVE-2006-0633 | Improper Authentication vulnerability in Invisionpower Invision Power Board 2.1.4: The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests. | 6.4 |
2006-01-25 | CVE-2006-0416 | Improper Authentication vulnerability in Sleeperchat: SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php. | 5.0 |
2006-01-22 | CVE-2006-0374 | Improper Authentication vulnerability in Advantage Century Telecommunication P202S 1.01.21 Firmware 1.1.21: Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513). | 7.5 |
2005-12-31 | CVE-2005-4861 | Improper Authentication vulnerability in Jasio.Net Ragnarok Online Control Panel 4.3.4A: functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function. | 7.5 |
2005-12-31 | CVE-2005-4851 | Improper Authentication vulnerability in EZ Publish: eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects. | 4.0 |
2005-12-03 | CVE-2005-3979 | Improper Authentication vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.4/1.4.2: relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. | 5.0 |
2005-06-12 | CVE-2005-1957 | Improper Authentication vulnerability in Adam Mmedici File Upload Manager: mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action. | 7.5 |