TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.58%
Published
2014-02-27
Updated
2014-02-27
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.
Max CVSS
5.0
EPSS Score
0.26%
Published
2014-02-27
Updated
2015-07-29
Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.
Max CVSS
4.3
EPSS Score
0.14%
Published
2014-02-22
Updated
2023-08-15
The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770.
Max CVSS
4.3
EPSS Score
0.14%
Published
2014-02-22
Updated
2023-08-11
The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795.
Max CVSS
4.3
EPSS Score
0.14%
Published
2014-02-22
Updated
2014-03-06
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.
Max CVSS
5.0
EPSS Score
0.26%
Published
2014-02-20
Updated
2014-02-20
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.
Max CVSS
5.0
EPSS Score
0.26%
Published
2014-02-20
Updated
2014-02-21
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.
Max CVSS
5.0
EPSS Score
0.29%
Published
2014-02-13
Updated
2014-02-13
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.
Max CVSS
5.0
EPSS Score
0.19%
Published
2014-02-13
Updated
2014-02-13
Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
Max CVSS
4.3
EPSS Score
1.88%
Published
2014-02-12
Updated
2018-10-12
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
Max CVSS
4.0
EPSS Score
0.75%
Published
2014-02-02
Updated
2018-10-09
cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action.
Max CVSS
7.8
EPSS Score
4.20%
Published
2014-02-04
Updated
2015-12-18
The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations.
Max CVSS
10.0
EPSS Score
0.83%
Published
2014-02-04
Updated
2014-02-04
Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.
Max CVSS
5.8
EPSS Score
0.34%
Published
2014-02-14
Updated
2014-02-14
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.
Max CVSS
5.8
EPSS Score
0.34%
Published
2014-02-14
Updated
2014-02-14
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences.
Max CVSS
5.0
EPSS Score
0.25%
Published
2014-02-10
Updated
2023-02-13
16 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!