Security Vulnerabilities, CVEs, Published In February 2012 (Bypass)
The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php.
Max CVSS
5.0
EPSS Score
0.54%
Published
2012-02-22
Updated
2012-03-21
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
2.58%
Published
2012-02-21
Updated
2018-01-05
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.
Max CVSS
5.0
EPSS Score
0.28%
Published
2012-02-21
Updated
2018-01-05
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.
Max CVSS
10.0
EPSS Score
0.32%
Published
2012-02-03
Updated
2012-02-06
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.
Max CVSS
9.3
EPSS Score
0.32%
Published
2012-02-03
Updated
2012-02-07
WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.
Max CVSS
7.2
EPSS Score
0.04%
Published
2012-02-02
Updated
2012-02-03
6 vulnerabilities found