Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2182 | Improper Authentication vulnerability in Macromedia Jrun 4.0/4.0Build61650 Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | 7.5 |
2004-01-21 | CVE-2004-1760 | Improper Authentication vulnerability in multiple products The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. | 10.0 |
2003-12-31 | CVE-2003-1489 | Improper Authentication vulnerability in Truegalerie 1.0 upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery. | 5.0 |
2003-12-31 | CVE-2003-1475 | Improper Authentication vulnerability in Netbus 1.5/1.6/1.7 Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access. | 6.8 |
2003-12-31 | CVE-2003-1442 | Improper Authentication vulnerability in Ericsson Hm220Dp Adsl Modem The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side. | 7.5 |
2003-12-31 | CVE-2003-1434 | Improper Authentication vulnerability in Pete Werner Login Ldap 3.1/3.2 login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password. | 6.8 |
2003-12-31 | CVE-2003-1433 | Improper Authentication vulnerability in Epic Games Unreal Engine 226F/433/436 Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times. | 4.3 |
2003-12-31 | CVE-2003-1343 | Improper Authentication vulnerability in Trend Micro Scanmail Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". | 7.5 |
2002-12-31 | CVE-2002-2417 | Improper Authentication vulnerability in Acftp 1.4 acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges. | 10.0 |
2002-12-31 | CVE-2002-2397 | Improper Authentication vulnerability in Symantec Sygate Personal Firewall 5.0 Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | 10.0 |