Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.
Max CVSS
7.5
EPSS Score
0.90%
Published
2014-05-30
Updated
2014-06-24
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.
Max CVSS
5.0
EPSS Score
9.08%
Published
2014-05-14
Updated
2017-12-29
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005.
Max CVSS
4.0
EPSS Score
0.16%
Published
2014-05-29
Updated
2016-09-07
recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.
Max CVSS
7.5
EPSS Score
0.34%
Published
2014-05-02
Updated
2014-05-05
Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.
Max CVSS
8.3
EPSS Score
0.45%
Published
2014-05-22
Updated
2014-07-16
Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551.
Max CVSS
6.8
EPSS Score
0.11%
Published
2014-05-07
Updated
2023-08-11
The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.
Max CVSS
4.0
EPSS Score
0.17%
Published
2014-05-08
Updated
2014-05-09
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.
Max CVSS
7.6
EPSS Score
0.39%
Published
2014-05-16
Updated
2018-12-12
login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
Max CVSS
6.8
EPSS Score
0.72%
Published
2014-05-27
Updated
2020-12-01
Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.
Max CVSS
6.8
EPSS Score
0.72%
Published
2014-05-08
Updated
2023-02-13
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.
Max CVSS
2.1
EPSS Score
0.17%
Published
2014-05-08
Updated
2023-02-13
The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.access_key.
Max CVSS
6.8
EPSS Score
0.89%
Published
2014-05-16
Updated
2014-05-16
OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext.
Max CVSS
6.8
EPSS Score
0.16%
Published
2014-05-19
Updated
2014-05-19
The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.
Max CVSS
7.5
EPSS Score
0.75%
Published
2014-05-30
Updated
2014-06-26
OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC.
Max CVSS
7.5
EPSS Score
0.72%
Published
2014-05-19
Updated
2014-05-20
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.
Max CVSS
7.5
EPSS Score
8.34%
Published
2014-05-19
Updated
2014-05-19
D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active.
Max CVSS
9.3
EPSS Score
0.60%
Published
2014-05-12
Updated
2023-04-26
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.
Max CVSS
6.8
EPSS Score
0.71%
Published
2014-05-12
Updated
2016-05-18
lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie.
Max CVSS
7.5
EPSS Score
0.72%
Published
2014-05-13
Updated
2014-05-14
The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.
Max CVSS
5.5
EPSS Score
0.13%
Published
2014-05-14
Updated
2021-03-09
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password (OTP).
Max CVSS
5.0
EPSS Score
0.38%
Published
2014-05-29
Updated
2014-05-30

CVE-2013-3977

Public exploit
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.
Max CVSS
4.3
EPSS Score
0.57%
Published
2014-05-26
Updated
2017-08-29
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests.
Max CVSS
4.3
EPSS Score
0.13%
Published
2014-05-26
Updated
2017-08-29
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.
Max CVSS
5.0
EPSS Score
0.20%
Published
2014-05-23
Updated
2017-08-29
Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.06%
Published
2014-05-29
Updated
2017-03-24
26 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!