Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2182 Improper Authentication vulnerability in Macromedia Jrun 4.0/4.0Build61650
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
network
low complexity
macromedia CWE-287
7.5
2004-01-21 CVE-2004-1760 Improper Authentication vulnerability in multiple products
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
network
low complexity
cisco ibm CWE-287
critical
10.0
2003-12-31 CVE-2003-1489 Improper Authentication vulnerability in Truegalerie 1.0
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
network
low complexity
truegalerie CWE-287
5.0
2003-12-31 CVE-2003-1475 Improper Authentication vulnerability in Netbus 1.5/1.6/1.7
Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access.
network
netbus CWE-287
6.8
2003-12-31 CVE-2003-1442 Improper Authentication vulnerability in Ericsson Hm220Dp Adsl Modem
The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.
network
low complexity
ericsson CWE-287
7.5
2003-12-31 CVE-2003-1434 Improper Authentication vulnerability in Pete Werner Login Ldap 3.1/3.2
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.
6.8
2003-12-31 CVE-2003-1433 Improper Authentication vulnerability in Epic Games Unreal Engine 226F/433/436
Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times.
4.3
2003-12-31 CVE-2003-1343 Improper Authentication vulnerability in Trend Micro Scanmail
Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3".
network
low complexity
trend-micro CWE-287
7.5
2002-12-31 CVE-2002-2417 Improper Authentication vulnerability in Acftp 1.4
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
network
low complexity
acftp CWE-287
critical
10.0
2002-12-31 CVE-2002-2397 Improper Authentication vulnerability in Symantec Sygate Personal Firewall 5.0
Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0.
network
low complexity
symantec CWE-287
critical
10.0