Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
Ember Enterprises E2in Improper Authentication
13.12.2020
KingSkrupellos
Med.
Sanishsoft Authentication Bypass
13.12.2020
KingSkrupellos
Med.
Sharptech Digital Marketing Agency Authentication Bypass
13.12.2020
KingSkrupellos
High
WebDehasi Hosting File Insert Authentication Bypass
09.11.2020
KingSkrupellos
Med.
HindSoft Technology Pvt Ltd India Insert File Authentication Bypass
08.11.2020
KingSkrupellos
Med.
HigsonMedia Improper Authentication
29.05.2020
KingSkrupellos
Med.
UinfoTechnology Pvt Ltd Gentelella Alela Colorlib Improper Authentication
29.05.2020
KingSkrupellos
Med.
Mildtrix Business Solutions Pvt Ltd 2.3.12 Improper Authentication
29.05.2020
KingSkrupellos
Med.
Solidale InfoTech Authentication Bypass
28.05.2020
KingSkrupellos
Med.
Bagwar Softwares Pvt Ltd Authentication Bypass
28.05.2020
KingSkrupellos
Med.
Saloni Info Tech Accocca Constructions Pvt Ltd Authentication Bypass
28.05.2020
KingSkrupellos
Med.
Ayan Advisory Private Limited Authentication Bypass
28.05.2020
KingSkrupellos
Med.
Teak Squash Design and Solutions Authentication Bypass
28.05.2020
KingSkrupellos
Med.
Gharuda Infotech Pvt Ltd Authentication Bypass
28.05.2020
KingSkrupellos
Med.
NextgenUSCorp Authentication Bypass
27.05.2020
KingSkrupellos
Med.
Upturn Smart Online Exam System Mayuri Authentication Bypass
27.05.2020
KingSkrupellos
High
WebIndiaServices Team Authentication Bypass
27.05.2020
KingSkrupellos
Med.
School Sports Promotion Foundation Sspf India Authentication Bypass
27.05.2020
KingSkrupellos
Med.
Gangotri Group Shubham Srivastava Authentication Bypass
27.05.2020
KingSkrupellos
Med.
3NetWorks Authentication Bypass
27.05.2020
KingSkrupellos
Med.
Chamilo © 2020 Campus v1 ElFinder Backdoor Access Shell Upload Vulnerability
27.05.2020
KingSkrupellos
Med.
ABCMedya Bilişim Software 2.0 Authentication Bypass
20.05.2020
KingSkrupellos
Med.
Sync Bilişim Software Arbitrary File Upload Authentication Bypass
20.05.2020
KingSkrupellos
Med.
Ja IT Solution JaisBD Bangladesh Software Authentication Bypass
18.05.2020
KingSkrupellos
Med.
Saudi Indian Football Forum Siffjeddah Authentication Bypass Shell Upload
11.05.2020
KingSkrupellos
Med.
Great Web Solutions Pvt Ltd Improper Authentication
09.05.2020
KingSkrupellos
Med.
LBMInfoTech Improper Authentication
09.05.2020
KingSkrupellos
Med.
Tiol Group WebSites Taxindiainternational Pvt Ltd Improper Authentication
09.05.2020
KingSkrupellos
Med.
Great Web Solutions Pvt Ltd Improper Authentication
09.05.2020
KingSkrupellos
Med.
Tiol Group WebSites Taxindiainternational Pvt Ltd Improper Authentication
09.05.2020
KingSkrupellos
Med.
LBMInfoTech Improper Authentication
09.05.2020
KingSkrupellos
High
ThietkeWebX Quatangtraitim VietNext Unauthorized File Upload Improper Authentication
06.05.2020
KingSkrupellos
Med.
Suvega Digital Media Pvt Ltd Improper Authentication
06.05.2020
KingSkrupellos
Med.
Du Hoc Ioc Vietnamese System Improper Authentication
06.05.2020
KingSkrupellos
Med.
Niladri Marketing Pvt. Ltd. Triimax_Ind Siimax Infotimes Improper Authentication
04.05.2020
KingSkrupellos
Med.
WebTechnologic SQL Injection Improper Authentication
04.05.2020
KingSkrupellos
Med.
ComangSoft Improper Authentication
03.05.2020
KingSkrupellos
Med.
Skynyx Technologies Private Limited Improper Authentication
03.05.2020
KingSkrupellos
Med.
GloriousWebTech Improper Authentication
03.05.2020
KingSkrupellos
Med.
Mystic Media Webinitiate Improper Authentication Backdoor Access
03.05.2020
KingSkrupellos
Med.
SkyWayInfoMedia Improper Authentication
03.05.2020
KingSkrupellos
Med.
TechDomain BD Improper Authentication
03.05.2020
KingSkrupellos
Med.
Pinnacle India Solution Admin Authentication Bypass
15.04.2020
KingSkrupellos
Med.
SSInfoTech Rohini WebDesign Company Authentication Bypass
18.09.2019
KingSkrupellos
Med.
Cisco UCS / IMC Supervisor Authentication Bypass / Command Injection
29.08.2019
Pedro Ribeiro
Med.
RecargatonerAntequera Improper Authentication Vulnerability
20.08.2019
KingSkrupellos
Med.
Sistema Mobiliario en Movimiento ComponentsMx Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
Sistema Suanca Industrias Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
Sistema CodiFarma San Jose de los Cedros Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
Bgrecuperacion Chihuahua Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
UfaCup88 Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
Keros ClaudioGarau Improper Authentication Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
AlemReklam Ajans Improper Authentication File Upload Vulnerability
17.08.2019
KingSkrupellos
Med.
Sistema Vitapromin Nuticion Inteligente Improper Authentication File Upload Vulnerability
11.08.2019
KingSkrupellos
Med.
Powered By Vlaevski Site Administration 1.0 Improper Authentication File Upload Vulnerability
11.08.2019
KingSkrupellos
Med.
Ellucian Banner Web Tailor / Banner Enterprise Identity Services Improper Authentication
14.05.2019
Joshua Mulliken
Med.
Desenvolvido por Agencia CDG Design Brasil Improper Authentication
09.04.2019
KingSkrupellos
Med.
Webmaster Atom Computer Software Counselling Improper Access Control Vulnerability
16.10.2018
KingSkrupellos
Low
WordPress Developed by Netsoft Limited Software Development Bangladesh Improper Authentication Vulnerability
05.09.2018
KingSkrupellos
Med.
Designed & Developed by Sacit.Lk SriLanka Improper Authentication Vulnerability
05.07.2018
KingSkrupellos
Med.
Powered by Yii Framework RBAC Manager for Yii 2 Improper Authentication Vulnerability
01.07.2018
KingSkrupellos
Med.
JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication
01.11.2017
Karn Ganeshen
Med.
Samsung Smart TV Wi-Fi Direction Improper Authentication
27.04.2017
Neseso Research Team
Med.
Aruba Networks AOS 6.3.1.19 Improper Authentication
08.11.2016
Klaus Tichman
High
DOKEOS ce30 Authentication Bypass
19.02.2016
High-Tech Bridge Secur...
Low
Pentaho 5.2.x BA Suite / PDI Information Disclosure
20.09.2015
Gregory DRAPERI
High
SAP HANA IU5 SDK Authentication Bypass
30.07.2014
Onapsis
High
Dahua DVR Authentication Bypass
19.07.2014
Zhejiang
High
ASUS RT Router Anonymous FTP Access
14.02.2014
Kyle Lovett
High
Router D-Link DIR-100 Multiple Vulnerabilities
04.02.2014
Felix Richter
High
Nisuta NS-WIR150NE, NS-WIR300N Authentication Bypass
11.01.2014
ampliasecurity
Med.
Burden 1.8 Privilege Escalation
09.01.2014
High-Tech Bridge Secur...
High
Vivotek IP Cameras RTSP Authentication Bypass
06.11.2013
CORE
High
Radio Thermostat Of America Inc Lack Of Authentication
02.08.2013
Daniel Crowley
High
D-Link IP Cameras Injection & Bypass
30.04.2013
CORE
Med.
Cisco Firewall Services Module Software Multiple Vulnerabilities
10.04.2013
Cisco
Med.
EMC Smarts Network Configuration Manager Improper Authentication Vulnerability
27.03.2013
EMC
Med.
Backupbuddy 2.2.4 Sensitive Data Exposure
25.03.2013
robarmstrong.te71
High
PBBoard 2.1.4 SQL Injection and Improper Authentication
09.08.2012
High-Tech Bridge Secur...
Med.
LifeSize Room Vulnerabilities
05.09.2011
securestate net
High
RealVNC Authentication Bypass
31.08.2011
Juha-Matti
High
RSA Adaptive Authentication (On-Premise) Security Issue
24.08.2011
EMC
Med.
FreeRADIUS 2.1.11 Multiple Vulns
06.08.2011
DCERT
High
IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability
30.03.2011
ZDI
Med.
Arthur de Jong \'nss-pam-ldapd\' Authentication Bypass Vulnerability
17.03.2011
Russell Sim
High
Pointter PHP Content Management System 1.0 Privilege Escalation
16.12.2010
Mark Stanislav
High
Pointter PHP Micro-Blogging Social Network 1.0 Privilege Escalation
16.12.2010
Mark Stanislav
High
OpenSSL J-PAKE Validation Error Lets Remote Users Validate Without Shared Secret Key
08.12.2010
Sebastian Martini
High
Pandora FMS <= 3.1 Authentication Bypass
05.12.2010
Juan Galiana Lara
High
Cisco Unified Videoconferencing multiple vulnerabilities
24.11.2010
Florent Daigniere
High
Camtron CMNC-200 IP Camera Authentication Bypass
18.11.2010
Trustwave's SpiderLabs
High
IBM OmniFind - several vulnerabilities
15.11.2010
Fatih Kilic
High
Likewise Open 5.4 & 6.0 Multiple Vulns
29.07.2010
Gerald Carter
Low
dootzky oblog Persistant XSS, CSRF, Admin Bruteforce
29.06.2010
null
Med.
SpringSource tc Server unauthenticated remote access to JMX interface
25.05.2010
s2-security
High
ToutVirtual VirtualIQ Multiple Vulnerabilities
21.05.2010
Claudio Criscione
High
CA XOsoft Multiple Vulns.
10.04.2010
Andrea Micalizzi aka r...
High
Varnish reverse proxy 2.0.6 Medium security hole
07.04.2010
Tim Brown
Med.
Sahana 0.6.2.2 authentication bypass
19.03.2010
nill
High
HP openview Performance Insight 5.4 Remote Execution of ArbitraryCommands
15.03.2010
HP
CVEMAP Search Results
CVE
Details
Description
2024-10-23
CVE-2024-9927
Updating...
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to log in to WordPress as an arbitrary user account, including administrators.
CVE-2024-9947
Updating...
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
2024-10-20
CVE-2024-10173
Updating...
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
2024-10-16
CVE-2024-45216
Updating...
Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing. This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0. Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.
CVE-2020-36832
Updating...
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via the username or user ID.
2024-10-15
CVE-2024-47080
Updating...
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061) and is commonly used to share historical message keys with newly invited users, granting them access to past messages in the room. However, it unconditionally sends these "shared" keys to all of the invited user's devices, regardless of whether the user's cryptographic identity is verified or whether the user's devices are signed by that identity. This allows the attacker to potentially inject its own devices to receive sensitive historical keys without proper security checks. Note that this only affects clients running the SDK with the legacy crypto stack. Clients using the new Rust cryptography stack (i.e. those that call `MatrixClient.initRustCrypto()` instead of `MatrixClient.initCrypto()`) are unaffected by this vulnerability, because `MatrixClient.sendSharedHistoryKeys()` raises an exception in such environments. The vulnerability was fixed in matrix-js-sdk 34.8.0 by removing the vulnerable functionality. As a workaround, remove use of affected functionality from clients.
CVE-2024-38139
Updating...
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
2024-10-10
CVE-2024-45148
Updating...
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction.
CVE-2024-45115
Updating...
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.
2024-10-08
CVE-2024-41798
Updating...
A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by sniffing the Modbus clear text communication.
Copyright
2024
, cxsecurity.com
Back to Top