Search Results (11736 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3356 1 Viewvc 1 Viewvc 2025-04-11 N/A
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-0487 1 Ibm 1 Lotus Domino 2025-04-11 N/A
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.
CVE-2011-1472 1 Nokia 2 E75, E75 Firmware 2025-04-11 N/A
The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time.
CVE-2010-3896 1 Ibm 1 Omnifind 2025-04-11 N/A
The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do.
CVE-2013-4001 1 Ibm 1 Cognos Command Center 2025-04-11 N/A
Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie.
CVE-2011-4860 1 Schneider-electric 3 Quantum Ethernet Module 140noe77100, Quantum Ethernet Module 140noe77101, Quantum Ethernet Module 140noe77111 2025-04-11 N/A
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message.
CVE-2011-4051 1 Indusoft 1 Web Studio 2025-04-11 N/A
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
CVE-2012-5353 1 Eduserv 1 Openathens Service Provider 2025-04-11 N/A
Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."
CVE-2010-0498 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.
CVE-2010-0521 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.
CVE-2012-2281 1 Rsa 2 Access Manager Agent, Access Manager Server 2025-04-11 N/A
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors.
CVE-2013-3268 1 Novell 1 Imanager 2025-04-11 N/A
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors.
CVE-2012-2388 1 Strongswan 1 Strongswan 2025-04-11 N/A
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
CVE-2012-3472 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.
CVE-2010-3905 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.
CVE-2013-3060 2 Apache, Redhat 3 Activemq, Fuse Message Broker, Fuse Mq Enterprise 2025-04-11 N/A
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
CVE-2011-0380 1 Cisco 1 Telepresence Manager 2025-04-11 N/A
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562.
CVE-2011-2176 2 Gnome, Redhat 2 Networkmanager, Enterprise Linux 2025-04-11 N/A
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
CVE-2013-3039 1 Ibm 1 Rational Requirements Composer 2025-04-11 N/A
IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors.
CVE-2013-4316 2 Apache, Oracle 4 Struts, Flexcube Private Banking, Mysql Enterprise Monitor and 1 more 2025-04-11 N/A
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.