CVE & Exploit Intelligence Database

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,278 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,568 researchers

4,085 results
CVE-2011-4860 EPSS 0.02
Schneider Electric Quantum Ethernet M... - Authentication Bypass
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message.
CWE-287 Dec 17, 2011
CVE-2011-4677 EPSS 0.01
Oneclickorgs One Click Orgs < 1.2.2 - Authentication Bypass
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CWE-287 Dec 06, 2011
CVE-2011-4051 2 PoCs Analysis EPSS 0.73
InduSoft Web Studio <7.0 - RCE
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
CWE-287 Dec 05, 2011
CVE-2011-1372 EPSS 0.00
IBM TS3100/TS3200 <A.60 - Auth Bypass
The Web User Interface on the IBM TS3100 and TS3200 tape libraries with firmware before A.60 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.
CWE-287 Nov 28, 2011
CVE-2011-3997 EPSS 0.00
Opengear console server <2.2.1 - Auth Bypass
Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors.
CWE-287 Nov 09, 2011
CVE-2011-2014 EPSS 0.10
Microsoft Windows - Auth Bypass
The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
CWE-287 Nov 08, 2011
CVE-2011-2676 EPSS 0.01
Ark-web A-Form < 1.3.5 - Authentication Bypass
The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors.
CWE-287 Nov 03, 2011
CVE-2011-4214 EPSS 0.03
OneOrZero AIMS 2.7.0 - Auth Bypass
OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie.
CWE-287 Nov 01, 2011
CVE-2011-3298 EPSS 0.00
Cisco Adaptive Security Appliance Software - Authentication Bypass
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before 8.2(5), 8.3 before 8.3(2.18), 8.4 before 8.4(1.10), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to bypass authentication via a crafted TACACS+ reply, aka Bug IDs CSCto40365 and CSCto74274.
CWE-287 Oct 06, 2011
CVE-2011-3297 EPSS 0.01
Cisco Firewall Services Module Software - Authentication Bypass
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697.
CWE-287 Oct 06, 2011
CVE-2011-2766 EPSS 0.00
Fast CGI < 0.73 - Authentication Bypass
The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.
CWE-287 Sep 23, 2011
CVE-2011-3577 EPSS 0.01
IBM WebSphere Commerce <6.0.0.11 & <7.0.0.3 - Info Disclosure
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
CWE-287 Sep 20, 2011
CVE-2011-2925 EPSS 0.00
Red Hat Enterprise MRG - Authentication Bypass
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker.
CWE-287 Sep 20, 2011
CVE-2011-2176 EPSS 0.00
GNOME NetworkManager <0.8.6 - Privilege Escalation
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
CWE-287 Sep 02, 2011
CVE-2011-1411 EPSS 0.00
Shibboleth OpenSAML <2.4.3, <2.5.1 - Auth Bypass
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
CWE-287 Sep 02, 2011
CVE-2011-2762 EPSS 0.01
LifeSize Room Appliance Software - Authentication Bypass
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php.
CWE-287 Sep 02, 2011
CVE-2011-2733 EPSS 0.00
EMC RSA Adaptive Authentication On-Premise - Authentication Bypass
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.
CWE-287 Aug 18, 2011
CVE-2011-2907 EPSS 0.01
Cluster Resources TORQUE Resource Manager - Authentication Bypass
Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program.
CWE-287 Aug 15, 2011
CVE-2011-0527 EPSS 0.00
VMware tc Server - Authentication Bypass
VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords.
CWE-287 Aug 15, 2011
CVE-2009-5083 EPSS 0.00
IBM Tivoli Federated Identity Manager - Authentication Bypass
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attackers to bypass authentication via unspecified vectors.
CWE-287 Aug 12, 2011