CVE-2013-6026

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlsetroodkcableoj28840ybtide...

CVE-2011-4118

Mahara before 1.4.1, when MNet aka the Moodle network feature is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target...

CVE-2019-5396

A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor versions: prior to 5.0.5.1...

CVE-2012-2381

Multiple cross-site scripting XSS vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role...

CVE-2012-6451

Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability...

CVE-2013-2358

Unspecified vulnerability in HP System Management Homepage SMH before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360...

CVE-2019-19678

In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue...

CVE-2014-5202

Cross-site scripting XSS vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter...

CVE-2013-1128

Multiple cross-site request forgery CSRF vulnerabilities in the server in Cisco Unified MeetingPlace before 7.12.2000 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party...

CVE-2012-6067

freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c...

CVE-2012-4421

The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...

CVE-2012-4974

Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified 1 loggedinenduser, 2 loggedinendusername, 3 loggedinuserusergroup, 4 loggedinuser, or 5 loggedinusername cookie...

CVE-2013-4985

Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream...

CVE-2014-3139

recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string...

CVE-2012-6047

Cross-site request forgery CSRF vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php...

CVE-2005-3642

IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username...

CVE-2009-4439

Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service instance crash by compiling a SQL query...

CVE-2003-0752

SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cookid parameter...

CVE-2005-4740

IBM DB2 Universal Database UDB 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service db2jd service crash by "connecting from a downlevel client."...

CVE-2007-3616

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module...