Total
3893 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-1596 | 1 Sitracker | 1 Support Incident Tracker | 2025-04-11 | N/A |
| Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. | ||||
| CVE-2010-1454 | 1 Vmware | 1 Tc Server | 2025-04-11 | N/A |
| com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password. | ||||
| CVE-2010-1375 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2010-1222 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2025-04-11 | N/A |
| CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request. | ||||
| CVE-2010-1221 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2025-04-11 | N/A |
| CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request. | ||||
| CVE-2010-1191 | 1 Sahanafoundation | 1 Sahana | 2025-04-11 | N/A |
| Sahana disaster management system 0.6.2.2, and possibly other versions, allows remote attackers to bypass intended access restrictions and disable administrator authentication via a direct request to stream.php in an acl_enable_acl action to the admin module. | ||||
| CVE-2010-1097 | 1 Dedecms | 1 Dedecms | 2025-04-11 | N/A |
| include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php. | ||||
| CVE-2010-1040 | 1 Tejimaya | 1 Openpne | 2025-04-11 | N/A |
| The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing. | ||||
| CVE-2010-1022 | 2 Marcus Krause, Typo3 | 2 T3sec Saltedpw, Typo3 | 2025-04-11 | N/A |
| The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. | ||||
| CVE-2010-0834 | 2 Dell, Ubuntu | 2 Latitude 2110 Netbook, Ubuntu Linux | 2025-04-11 | N/A |
| The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. | ||||
| CVE-2010-0833 | 1 Likewise | 2 Likewise Cifs, Likewise Open | 2025-04-11 | N/A |
| The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired. | ||||
| CVE-2010-0756 | 1 Wikyblog | 1 Wikyblog | 2025-04-11 | N/A |
| Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main. | ||||
| CVE-2010-0554 | 1 Geopp | 1 Geo\+\+ Gncaster | 2025-04-11 | N/A |
| The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack. | ||||
| CVE-2010-0550 | 1 Geopp | 1 Geo\+\+ Gncaster | 2025-04-11 | N/A |
| admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy. | ||||
| CVE-2010-0521 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests. | ||||
| CVE-2010-0498 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2010-0447 | 1 Hp | 1 Openview Performance Insight | 2025-04-11 | N/A |
| The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document. | ||||
| CVE-2009-5116 | 1 Mcafee | 1 Linuxshield | 2025-04-11 | N/A |
| McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account. | ||||
| CVE-2009-5083 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2025-04-11 | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attackers to bypass authentication via unspecified vectors. | ||||
| CVE-2009-5077 | 1 Creloaded | 1 Cre Loaded | 2025-04-11 | N/A |
| CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php. | ||||