Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-1020 | Improper Authentication vulnerability in Cisco IOS Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | 7.1 |
| 2004-12-31 | CVE-2004-2736 | Improper Authentication vulnerability in Polar Software Helpdesk 3.0 Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie. | 5.0 |
| 2004-12-31 | CVE-2004-2734 | Improper Authentication vulnerability in Novell Netware 6.5 webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. | 10.0 |
| 2004-12-31 | CVE-2004-2724 | Improper Authentication vulnerability in Lionmax Software Chat Anywhere 2.72A LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character. | 7.1 |
| 2004-12-31 | CVE-2004-2715 | Improper Authentication vulnerability in PHP Heaven PHPmychat 0.14.5 edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. | 7.5 |
| 2004-12-31 | CVE-2004-2182 | Improper Authentication vulnerability in Macromedia Jrun 4.0/4.0Build61650 Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | 7.5 |
| 2004-01-21 | CVE-2004-1760 | Improper Authentication vulnerability in multiple products The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. | 10.0 |
| 2003-12-31 | CVE-2003-1489 | Improper Authentication vulnerability in Truegalerie 1.0 upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery. | 5.0 |
| 2003-12-31 | CVE-2003-1475 | Improper Authentication vulnerability in Netbus 1.5/1.6/1.7 Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access. | 6.8 |
| 2003-12-31 | CVE-2003-1442 | Improper Authentication vulnerability in Ericsson Hm220Dp Adsl Modem The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side. | 7.5 |