CVE Daily
← All tags

Tag: Unauthenticated/Unauthorized Access

All CVEs associated with "Unauthenticated/Unauthorized Access". Page 125/128 • 15317 CVEs.

Subscribe CVEs: RSS for “Unauthenticated/Unauthorized Access”  ·  RSS (High+Critical only)

About “Unauthenticated/Unauthorized Access”

A curated feed of “Unauthenticated/Unauthorized Access”-related CVEs appears below. We currently track 15317 CVEs for this tag (all time). In the last 365 days, 3826 were published. Average CVSS is 7.4 (all time; 7.4 over 365d), and 61% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-306 - Missing Authentication for Critical Function, CWE-639 - Authorization Bypass Through User-Controlled Key.

In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2007-07-11
High

CVE-2007-3704

Entertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to "Administrator."

CVSS: 7.5 CWE: N/A View on NVD
2007-07-10
Critical

CVE-2007-3647

The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traf…

CVSS: 10.0 CWE: N/A View on NVD
2007-07-05
High

CVE-2007-3567

MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST request…

CVSS: 7.5 CWE: N/A View on NVD
2007-06-12
Critical

CVE-2007-3193

lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which ca…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2007-3184

Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the A…

CVSS: 7.2 CWE: CWE-287 - Improper Authentication View on NVD
2007-06-06
Critical

CVE-2007-3095

Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV…

CVSS: 9.0 CWE: N/A View on NVD
2007-06-04
Critical

CVE-2007-2279

The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the servi…

CVSS: 9.3 CWE: CWE-264 View on NVD
2007-06-01
Critical

CVE-2007-2985

Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the…

CVSS: 10.0 CWE: CWE-264 View on NVD
2007-05-30
Medium

CVE-2007-2912

Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.

CVSS: 5.0 CWE: N/A View on NVD
2007-05-22
Critical

CVE-2007-2822

TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.ph…

CVSS: 9.3 CWE: N/A View on NVD
2007-05-21
Critical

CVE-2007-2783

Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue…

CVSS: 10.0 CWE: N/A View on NVD
2007-05-13
Critical

CVE-2007-2638

eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive informat…

CVSS: 10.0 CWE: N/A View on NVD
2007-05-02
Medium

CVE-2007-1859

XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, whic…

CVSS: 4.6 CWE: CWE-287 - Improper Authentication View on NVD
2007-04-25
High

CVE-2007-2232

The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter.

CVSS: 7.5 CWE: N/A View on NVD
2007-04-24
Medium

CVE-2007-0738

The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to…

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2007-0739

The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, w…

CVSS: 4.6 CWE: N/A View on NVD
2007-04-22
Medium

CVE-2007-2165

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that r…

CVSS: 5.1 CWE: N/A View on NVD
2007-04-18
High

CVE-2007-2081

MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.

CVSS: 7.5 CWE: N/A View on NVD
2007-04-13
High

CVE-2007-2023

USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyP…

CVSS: 7.2 CWE: N/A View on NVD
2007-04-12
High

CVE-2007-2007

admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1.

CVSS: 7.5 CWE: N/A View on NVD
2007-04-06
Critical

CVE-2007-0956

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007…

CVSS: 10.0 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2007-03-31
Medium

CVE-2007-1788

Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request.

CVSS: 6.8 CWE: N/A View on NVD
2007-03-22
High

CVE-2007-1603

admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request.

CVSS: 7.5 CWE: N/A View on NVD
2007-03-20
Medium

CVE-2007-1540

Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2007-1541

Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to…

CVSS: 7.5 CWE: N/A View on NVD
2007-03-16
High

CVE-2007-1471

admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-1488

Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.

CVSS: 7.5 CWE: N/A View on NVD
2007-03-13
Medium

CVE-2007-0730

Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modi…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-1436

Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from o…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2007-1437

Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execu…

CVSS: 9.0 CWE: N/A View on NVD
2007-03-10
High

CVE-2007-1389

dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3 (2) supprlien.php3 (3) supprub.php3 (4) valid…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-1345

Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass…

CVSS: 4.1 CWE: N/A View on NVD
Medium

CVE-2006-7163

DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecif…

CVSS: 6.9 CWE: N/A View on NVD
2007-03-07
High

CVE-2006-7144

SQL injection vulnerability in Call Center Software 0.93 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the user name in the login page.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-7161

SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows remote attackers to bypass authentication via the (1) k_a class or (2) sifre parameter.

CVSS: 7.5 CWE: N/A View on NVD
2007-03-06
High

CVE-2006-7116

SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id var…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2007-03-05
High

CVE-2006-7111

Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors.

CVSS: 7.5 CWE: N/A View on NVD
2007-03-03
High

CVE-2007-1243

Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstal…

CVSS: 7.5 CWE: N/A View on NVD
2007-03-02
High

CVE-2006-7074

admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie.

CVSS: 7.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2006-7082

Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-1156

JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2007-1160

webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
2007-02-22
Critical

CVE-2007-1062

The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass au…

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
2007-02-21
High

CVE-2007-1043

Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-1036

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access…

CVSS: 7.5 CWE: CWE-264 View on NVD
2007-02-16
Critical

CVE-2007-0980

Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RH…

CVSS: 10.0 CWE: N/A View on NVD
2007-02-15
High

CVE-2006-7016

phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit.

CVSS: 7.5 CWE: N/A View on NVD
2007-02-14
High

CVE-2007-0924

Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2…

CVSS: 7.5 CWE: N/A View on NVD
2007-02-12
High

CVE-2007-0873

nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0874

Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: thi…

CVSS: 6.8 CWE: N/A View on NVD
2007-02-08
High

CVE-2007-0845

admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0844

The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryp…

CVSS: 6.4 CWE: N/A View on NVD
2007-02-07
Medium

CVE-2007-0829

avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2006-6969

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to gues…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-0806

Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other local…

CVSS: 7.5 CWE: N/A View on NVD
2007-01-23
High

CVE-2007-0435

T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2007-0418

BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote…

CVSS: 7.5 CWE: N/A View on NVD
2007-01-12
High

CVE-2007-0184

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

CVSS: 7.5 CWE: N/A View on NVD
2007-01-10
High

CVE-2007-0163

SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replac…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2007-0164

Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of…

CVSS: 7.8 CWE: N/A View on NVD
2007-01-04
Critical

CVE-2007-0057

Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the…

CVSS: 10.0 CWE: CWE-255 View on NVD
High

CVE-2007-0058

Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backup…

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2006-12-29
High

CVE-2006-6818

AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config.

CVSS: 7.5 CWE: N/A View on NVD
2006-12-28
High

CVE-2006-6783

logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authen…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2006-12-23
Medium

CVE-2006-6705

Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 a…

CVSS: 5.0 CWE: CWE-287 - Improper Authentication View on NVD
2006-12-21
High

CVE-2006-6679

Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by s…

CVSS: 7.5 CWE: CWE-863 - Incorrect Authorization View on NVD
2006-12-18
High

CVE-2006-6608

Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unaut…

CVSS: 7.5 CWE: N/A View on NVD
2006-12-14
High

CVE-2006-6537

IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html.

CVSS: 7.5 CWE: N/A View on NVD
2006-12-10
High

CVE-2006-6434

Unspecified vulnerability in the Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to by…

CVSS: 7.5 CWE: N/A View on NVD
2006-12-04
High

CVE-2006-6246

Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera…

CVSS: 7.5 CWE: N/A View on NVD
2006-11-20
Medium

CVE-2006-5986

admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined w…

CVSS: 6.8 CWE: N/A View on NVD
2006-11-16
High

CVE-2006-5932

Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authentic…

CVSS: 7.5 CWE: N/A View on NVD
2006-11-08
High

CVE-2006-5794

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass auth…

CVSS: 7.5 CWE: N/A View on NVD
2006-11-07
High

CVE-2006-5787

admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-5777

Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php…

CVSS: 7.5 CWE: N/A View on NVD
2006-11-03
High

CVE-2006-5660

Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an emp…

CVSS: 7.5 CWE: N/A View on NVD
2006-10-27
High

CVE-2006-5592

Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to bypass authentication by setting the polllog cookie value to "xx".

CVSS: 7.5 CWE: N/A View on NVD
2006-10-20
Medium

CVE-2006-5412

admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_lo…

CVSS: 5.1 CWE: N/A View on NVD
2006-10-17
Medium

CVE-2006-5300

Unspecified vulnerability in HP Version Control Agent before 2.1.5 allows remote authenticated users to obtain "unauthorized access" to a remote Repository Manager account and potentially gain privil…

CVSS: 6.5 CWE: N/A View on NVD
2006-10-13
High

CVE-2006-5290

The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute ar…

CVSS: 7.5 CWE: N/A View on NVD
2006-10-12
High

CVE-2006-5245

Eazy Cart allows remote attackers to bypass authentication and gain administrative access via a direct request for admin/home/index.php, and possibly other PHP scripts under admin/.

CVSS: 7.5 CWE: N/A View on NVD
2006-10-03
Low

CVE-2006-4390

CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be…

CVSS: 2.6 CWE: N/A View on NVD
2006-09-29
High

CVE-2006-5091

Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors.

CVSS: 7.2 CWE: N/A View on NVD
2006-09-19
High

CVE-2006-4887

Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and ga…

CVSS: 7.2 CWE: N/A View on NVD
Medium

CVE-2006-4846

Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authent…

CVSS: 5.1 CWE: N/A View on NVD
2006-09-14
Medium

CVE-2006-4782

src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified…

CVSS: 5.4 CWE: N/A View on NVD
2006-09-12
High

CVE-2006-4717

The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentica…

CVSS: 7.5 CWE: N/A View on NVD
2006-09-07
High

CVE-2006-4603

NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-4607

admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1.

CVSS: 7.5 CWE: N/A View on NVD
2006-09-06
High

CVE-2006-4584

Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-4588

vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demon…

CVSS: 7.5 CWE: N/A View on NVD
2006-08-31
High

CVE-2006-4502

ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script.

CVSS: 7.5 CWE: N/A View on NVD
2006-08-29
Medium

CVE-2006-4427

index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-4430

The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms b…

CVSS: 5.0 CWE: N/A View on NVD
2006-08-18
Critical

CVE-2006-4228

Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management int…

CVSS: 9.0 CWE: N/A View on NVD
2006-08-14
High

CVE-2006-4122

Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php.

CVSS: 7.5 CWE: N/A View on NVD
2006-08-11
High

CVE-2006-4078

pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.

CVSS: 7.5 CWE: N/A View on NVD
2006-08-09
High

CVE-2006-3979

The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.

CVSS: 7.2 CWE: N/A View on NVD
2006-07-31
High

CVE-2006-3939

ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) acces…

CVSS: 7.5 CWE: N/A View on NVD
2006-07-24
High

CVE-2006-3797

SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies.

CVSS: 7.5 CWE: N/A View on NVD
2006-07-18
High

CVE-2006-2450

auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if…

CVSS: 7.5 CWE: N/A View on NVD
2006-07-13
Critical

CVE-2006-3553

PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php.

CVSS: 10.0 CWE: N/A View on NVD
2006-07-11
High

CVE-2006-3515

SQL injection vulnerability in the loginADP function in ajaxp.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) pas…

CVSS: 7.5 CWE: N/A View on NVD
2006-07-03
High

CVE-2006-3344

Siemens Speedstream Wireless Router 2624 allows local users to bypass authentication and access protected files by using the Universal Plug and Play UPnP/1.0 component.

CVSS: 7.5 CWE: CWE-264 View on NVD
2006-06-26
High

CVE-2006-3226

Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows r…

CVSS: 7.5 CWE: N/A View on NVD
2006-06-23
High

CVE-2006-3190

SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (…

CVSS: 7.5 CWE: N/A View on NVD
2006-06-19
High

CVE-2006-3092

PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.ph…

CVSS: 7.5 CWE: N/A View on NVD
2006-05-31
Medium

CVE-2006-2700

SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter.

CVSS: 5.1 CWE: N/A View on NVD
2006-05-30
High

CVE-2006-2636

newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ".

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2006-05-22
High

CVE-2006-2531

Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Ag…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-2527

Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter t…

CVSS: 7.5 CWE: N/A View on NVD
2006-05-15
High

CVE-2006-2369

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2006-05-12
High

CVE-2006-2342

IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root.

CVSS: 7.5 CWE: N/A View on NVD
2006-05-09
High

CVE-2006-2268

SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably i…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2006-05-04
High

CVE-2006-2168

FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1.

CVSS: 7.5 CWE: N/A View on NVD
2006-05-01
High

CVE-2006-2118

JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action.

CVSS: 7.5 CWE: N/A View on NVD
2006-04-20
Medium

CVE-2006-1888

phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can th…

CVSS: 6.8 CWE: CWE-264 View on NVD
2006-04-19
High

CVE-2006-1838

edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie.

CVSS: 7.5 CWE: N/A View on NVD
2006-04-13
High

CVE-2006-1774

HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypas…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-1756

MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area.

CVSS: 7.5 CWE: N/A View on NVD