Vulmon Recent Vulnerabilities Trends About Contact

authentication bypass vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2005-2105
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username....
CiscoIos
NA
CVE-2004-2600
The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN...
IntelCli Auto-configuration UtilityClient System Setup UtilityServer Configuration WizardServer ControlSystem Setup UtilityCarrier Grade Server Tigpr2uCarrier Grade Server Tsrlt2Carrier Grade Server Tsrmt2Entry Server Board Se7210tp1-eEntry Server Platform Sr1325tp1-eServer Board Scb2Server Board Sds2Server Board Se7500wv2Server Board Se7501hg2Server Board Shg2Server Platform Spsh4Server Platform Sr870bh2Server Platform Sr870bn4Server Platform Srsh4HpCarrier Grade Server Cc2300Carrier Grade Server Cc3300Carrier Grade Server Cc3310
NA
CVE-2004-0627
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string....
Mysql
NA
CVE-2004-0628
Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string....
Mysql
NA
CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA...
IbmWebsphere Application ServerMono ProjectMonoOracleApplication ServerBea Product SuiteWeblogic Server Component
NA
CVE-2002-0757
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary...
UserminWebmin
NA
CVE-2003-1095
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to...
BeaWeblogic Server
NA
CVE-2001-1507
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged....
OpenbsdOpenssh
NA
CVE-2013-2944
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature....
Strongswan
NA
CVE-2012-2388
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."...
Strongswan
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
appscanCVE-2019-4746cross domain local storage projectunauthorizedcross domain local storageCVE-2020-6647CVE-2018-21039CVE-2019-17026CVE-2017-18676local file inclusionandroidCVE-2020-0688cross-site scripting