| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request. |
| Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel. |
| The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes. |
| admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information. |
| Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. |
| Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors. |
| myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information. |
| admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. |
| admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. |
| Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list. |
| login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value. |
| index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values. |
| Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. |
| Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834. |
| Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin." |
| Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie. |
| Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php. |
| TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin. |
| The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key. |
| The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1. |
