Total: 4065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2013-4982 | 1 Avtech | 2 Avn801 Dvr, Avn801 Dvr Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | AVTECH AVN801 DVR has a security bypass via the administration login captcha |
| CVE-2013-4976 | 1 Hikvision | 2 Ds-2cd7153-e, Ds-2cd7153-e Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials |
| CVE-2013-4863 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. |
| CVE-2013-4621 | 1 Magdevgroup | 1 Magnolia Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities |
| CVE-2013-4593 | 1 Omniauth-facebook Project | 1 Omniauth-facebook | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | RubyGem omniauth-facebook has an access token security vulnerability |
| CVE-2013-4462 | 1 Portable Phpmyadmin Project | 1 Portable Phpmyadmin | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability |
| CVE-2013-4454 | 1 Getbutterfly | 1 Portable-phpmyadmin | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities |
| CVE-2013-3367 | 1 Trendnet | 4 Tew-691gr, Tew-691gr Firmware, Tew-692gr and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. |
| CVE-2013-3317 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. |
| CVE-2013-3316 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". |
| CVE-2013-3215 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. |
| CVE-2013-3096 | 1 Dlink | 2 Dir865l, Dir865l Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. |
| CVE-2013-3091 | 1 Belkin | 2 N300, N300 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging." |
| CVE-2013-3088 | 1 Belkin | 2 N900, N900 Firmware | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL | Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". |
| CVE-2013-3085 | 1 Belkin | 2 F5d8236-4, F5d8236-4 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2. |
| CVE-2013-3072 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in `http://<router_ip>/apply.cgi?/hdd_usr_setup.htm` that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. |
| CVE-2013-3071 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. |
| CVE-2013-2681 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 4.3 MEDIUM | 9.8 CRITICAL | Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access. |
| CVE-2013-2569 | 1 Zavio | 4 F3105, F3105 Firmware, F312a and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream. |
| CVE-2013-2159 | 1 Monkey-project | 1 Monkey | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Monkey HTTP Daemon: broken user name authentication |
| CVE-2013-2120 | 1 Kde | 1 Paste Applet | 2024-11-21 | 2.1 LOW | 8.4 HIGH | The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. |
| CVE-2013-1600 | 1 Dlink | 4 Dcs-2102, Dcs-2102 Firmware, Dcs-2121 and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR, 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information. |
| CVE-2013-1596 | 1 Vivotek | 2 Pt7135, Pt7135 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554. |
| CVE-2013-1391 | 5 Capturecctv, Hachi, Huntcctv and 2 more | 40 Cdr 0410ve, Cdr 0410ve Firmware, Cdr 0820vde and 37 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration. |
| CVE-2013-1360 | 1 Sonicwall | 4 Analyzer, Global Management System, Universal Management Appliance and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. |
| CVE-2013-1359 | 1 Sonicwall | 4 Analyzer, Global Management System, Universal Management Appliance and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. |
| CVE-2013-10004 | 1 Telecomsoftware | 2 Samwin Agent, Samwin Contact Center | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM | A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. |
| CVE-2012-6710 | 1 Extplorer | 1 Extplorer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php. |
| CVE-2012-6451 | 1 Lorextechnology | 4 Lnc104, Lnc104 Firmware, Lnc116 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability |
| CVE-2012-6340 | 1 Netgear | 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM | An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. |
| CVE-2012-3824 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. |
| CVE-2012-3462 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. |
| CVE-2012-2714 | 1 Browserid Project | 1 Browserid | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier. |
| CVE-2012-1258 | 1 Plixer | 1 Scrutinizer Netflow & Sflow Analyzer | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allows remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters. |
| CVE-2012-10001 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts. |
| CVE-2011-4973 | 1 Mod Nss Project | 1 Mod Nss | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password. |
| CVE-2011-4628 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. |
| CVE-2011-4338 | 1 Shaman Project | 1 Shaman | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | Shaman 1.0.9: A user can add the line askforpwd=false to their shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password. |
| CVE-2011-4068 | 1 Packetfence | 1 Packetfence | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. |
| CVE-2011-2054 | 1 Cisco | 24 Asa 5500, Asa 5500 Firmware, Asa 5510 and 21 more | 2024-11-21 | 6.0 MEDIUM | 4.3 MEDIUM | A vulnerability in the Cisco ASA could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, provided the primary credentials are correct. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability. |