CWE:
 

Topic
Date
Author
Med.
Designed & Developed by Sacit.Lk SriLanka Improper Authentication Vulnerability
05.07.2018
KingSkrupellos
Med.
Powered by Yii Framework RBAC Manager for Yii 2 Improper Authentication Vulnerability
01.07.2018
KingSkrupellos
Med.
JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication
01.11.2017
Karn Ganeshen
Med.
Samsung Smart TV Wi-Fi Direction Improper Authentication
27.04.2017
Neseso Research Team
Med.
Aruba Networks AOS 6.3.1.19 Improper Authentication
08.11.2016
Klaus Tichman
High
DOKEOS ce30 Authentication Bypass
19.02.2016
High-Tech Bridge Secur...
Low
Pentaho 5.2.x BA Suite / PDI Information Disclosure
20.09.2015
Gregory DRAPERI
High
SAP HANA IU5 SDK Authentication Bypass
30.07.2014
Onapsis
High
Dahua DVR Authentication Bypass
19.07.2014
Zhejiang
High
ASUS RT Router Anonymous FTP Access
14.02.2014
Kyle Lovett
High
Router D-Link DIR-100 Multiple Vulnerabilities
04.02.2014
Felix Richter
High
Nisuta NS-WIR150NE, NS-WIR300N Authentication Bypass
11.01.2014
ampliasecurity
Med.
Burden 1.8 Privilege Escalation
09.01.2014
High-Tech Bridge Secur...
High
Vivotek IP Cameras RTSP Authentication Bypass
06.11.2013
CORE
High
Radio Thermostat Of America Inc Lack Of Authentication
02.08.2013
Daniel Crowley
High
D-Link IP Cameras Injection & Bypass
30.04.2013
CORE
Med.
Cisco Firewall Services Module Software Multiple Vulnerabilities
10.04.2013
Cisco
Med.
EMC Smarts Network Configuration Manager Improper Authentication Vulnerability
27.03.2013
EMC
Med.
Backupbuddy 2.2.4 Sensitive Data Exposure
25.03.2013
robarmstrong.te71
High
PBBoard 2.1.4 SQL Injection and Improper Authentication
09.08.2012
High-Tech Bridge Secur...
Med.
LifeSize Room Vulnerabilities
05.09.2011
securestate net
High
RealVNC Authentication Bypass
31.08.2011
Juha-Matti
High
RSA Adaptive Authentication (On-Premise) Security Issue
24.08.2011
EMC
Med.
FreeRADIUS 2.1.11 Multiple Vulns
06.08.2011
DCERT
High
IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability
30.03.2011
ZDI
Med.
Arthur de Jong \'nss-pam-ldapd\' Authentication Bypass Vulnerability
17.03.2011
Russell Sim
High
Pointter PHP Content Management System 1.0 Privilege Escalation
16.12.2010
Mark Stanislav
High
Pointter PHP Micro-Blogging Social Network 1.0 Privilege Escalation
16.12.2010
Mark Stanislav
High
OpenSSL J-PAKE Validation Error Lets Remote Users Validate Without Shared Secret Key
08.12.2010
Sebastian Martini
High
Pandora FMS <= 3.1 Authentication Bypass
05.12.2010
Juan Galiana Lara
High
Cisco Unified Videoconferencing multiple vulnerabilities
24.11.2010
Florent Daigniere
High
Camtron CMNC-200 IP Camera Authentication Bypass
18.11.2010
Trustwave's SpiderLabs
High
IBM OmniFind - several vulnerabilities
15.11.2010
Fatih Kilic
High
Likewise Open 5.4 & 6.0 Multiple Vulns
29.07.2010
Gerald Carter
Low
dootzky oblog Persistant XSS, CSRF, Admin Bruteforce
29.06.2010
null
Med.
SpringSource tc Server unauthenticated remote access to JMX interface
25.05.2010
s2-security
High
ToutVirtual VirtualIQ Multiple Vulnerabilities
21.05.2010
Claudio Criscione
High
CA XOsoft Multiple Vulns.
10.04.2010
Andrea Micalizzi aka r...
High
Varnish reverse proxy 2.0.6 Medium security hole
07.04.2010
Tim Brown
Med.
Sahana 0.6.2.2 authentication bypass
19.03.2010
nill
High
HP openview Performance Insight 5.4 Remote Execution of ArbitraryCommands
15.03.2010
HP
Med.
Geo++(R) GNCASTER: Faulty implementation of HTTPDigest Authentication
07.02.2010
RedTeam
High
dB Masters Multimedia Insecure Cookie Handling Vulnerability
07.01.2010
indoushka
Med.
Sitecore Staging 5.4.0 Module Authentication bypass and file manipulation
24.12.2009
Lukas Weichselbaum
High
Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability
15.12.2009
ZDI
High
linux kernel 2.6.25.15 nfsd4: fix null dereference creating nfsv4 callback
05.11.2009
Eugene Teoeugeneteo
High
Everfocus EDR1600 remote authentication bypass
04.11.2009
Andrea Fabrizi
Med.
PaoLiber 1.1 (login_ok) Authentication Bypass Vulnerability
28.09.2009
SirGod
Med.
OSSIM version 2.1 remote SQL injection and cross site scripting
25.09.2009
DSecRG
Med.
LiveStreet Xss Vulnerable Exploit
22.09.2009
Inj3ct0r
Med.
Basic PHP Events Lister 2 Reset Admin Pass/Add Admin Vulns
16.09.2009
Mr.SeCreT
High
simplePHPWeb 0.2 (files.php) Authentication Bypass Vulnerability
15.09.2009
SirGod
Med.
EkinBoard <= 1.1.0 Remote File Upload / Auth Bypass Vulnerabilities
03.09.2009
underwater
High
zKup CMS 2.0 <= 2.3 Remote Add Admin Exploit
31.08.2009
real
High
AJ ARTICLE Remote Authentication Bypass Vulnerability
27.08.2009
G4N0K
High
Maian Greetings 2.1 Insecure Cookie Handling Vulnerability
27.08.2009
Saime
High
Aj Classifieds Authentication Bypass Vulnerability
26.08.2009
G4N0K
High
NatterChat 1.1 Remote Admin Bypass Vulnerability
26.08.2009
Mountassif Moad
High
AJSquare Free Polling Script (DB) Multiple Vulnerabilities
26.08.2009
G4N0K
Med.
HyperStop WebHost Directory Arbitrary Backup Database
24.08.2009
r45c4l
High
Free PHP VX Guestbook 1.06 Insecure Cookie Handling Vulnerability
24.08.2009
Stack
Med.
Free PHP VX Guestbook 1.06 Arbitrary Database Backup Vulnerability
23.08.2009
SirGod
High
Libra PHP File Manager <= 1.18 Insecure Cookie Handling Vulnerability
23.08.2009
Stack
Med.
Plesk 8.6.0 authentication flaw allows to gain virtual user priviledges
21.08.2009
Felix Buenemann
High
Snom VoIP/SIP Phones Authentication Bypass
18.08.2009
null
High
AJ Auction Authentication Bypass Vulnerability
15.08.2009
G4N0K
High
turnkeyforms Text Link Sales Auth Bypass Vulnerability
15.08.2009
G4N0K
High
MauryCMS <= 0.53.2 (fckeditor) Remote Arbitrary File Upload Vulnerability
14.08.2009
RoMaNcYxHaCkEr
High
turnkeyforms Web Hosting Directory Multiple Vulnerabilities
13.08.2009
G4N0K
High
TaskDriver <= 1.3 Remote Change Admin Password Exploit
10.08.2009
cOndemned
High
SpeedStream 5200 Authentication Bypass Config Download Vulnerability
08.08.2009
hkm
High
ZEEJOBSITE 2.0 Remote File Upload Vulnerability
08.08.2009
ZoRLu
High
BrewBlogger 2.1.0.1 Arbitrary Add Admin Exploit
07.08.2009
CWH Team
Med.
PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability
29.07.2009
SirGod
High
Desi Short URL Insecure Cookie Handling Vulnerability
29.07.2009
N@bilX
High
DD-WRT (httpd service) Remote Command Execution Vulnerability
21.07.2009
gat3way
High
Absolute Form Processor 4.0 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Live Support 5.1 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Newsletter 6.1 Insecure Cookie Handling Vulnerability
15.07.2009
x0r
High
Absolute Content Rotator 6.0 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Poll Manager XE 4.1 Cookie Handling Vulnerability
15.07.2009
Hakxer
Med.
Absolute Control Panel XE 1.5 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Banner Manager Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Podcast 1.0 Remote Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute News Manager 5.1 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute News Feed 1.0 Remote Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute FAQ Manager 6.0 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures
14.07.2009
Core
High
phpMyBlockchecker 1.0.0055 Insecure Cookie Handling Vulnerability
11.07.2009
SirGod
Med.
Tutorial Share <= 3.5.0 Insecure Cookie Handling Vulnerability
03.07.2009
Evil-Cod3r
Med.
MIDAS 1.43 (Auth Bypass) Insecure Cookie Handling Vulnerability
01.07.2009
HxH
Med.
phportal 1.0 Insecure Cookie Handling Vulnerability
23.06.2009
xhaxkerx
High
Grestul 1.2 Remote Add Administrator Account Exploit
15.06.2009
ThE g0bL!N
High
Password Protector SD 1.3.1 Insecure Cookie Handling Vulnerability
10.06.2009
Mr.tro0oqy
High
Million Dollar Text Links 1.x Insecure Cookie Handling Vulnerability
02.06.2009
HxH
Med.
MyKtools 2.4 Arbitrary Database Backup Vulnerability
29.05.2009
Mountassif Moad
High
Eaton MGE OPS Network Shutdown Module - authentication bypass & remote code execution
29.05.2009
nruns
High
TCPDB 3.8 Arbitrary Add Admin Account Vulnerability
20.05.2009
Mr.tro0oqy
High
T-Dreams Job Career Package 3.0 Insecure Cookie Handling Vulnerability
17.05.2009
TiGeR-Dz
Med.
Simple Customer 1.3 Arbitrary Change Admin Password Exploit
17.05.2009
ahmadbady


CVEMAP Search Results

CVE
Details
Description
2018-06-29
Medium
CVE-2018-12984

Vendor: Hycus cms project
Software: Hycus cms
 

 
Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials.

 
2018-06-26
Medium
CVE-2018-6667

Updating...
 

 
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).

 
Low
CVE-2018-0528

Vendor: Cybozu
Software: Office
 

 
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.

 
2018-06-21
Medium
CVE-2018-12613

Vendor: Phpmyadmin
Software: Phpmyadmin
 

 
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).

 
Medium
CVE-2018-0362

Vendor: Cisco
Software: 5100 enterpr...
 

 
A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability is due to improper security restrictions that are imposed by the affected system. An attacker could exploit this vulnerability by submitting an empty password value to an affected device's BIOS authentication prompt. An exploit could allow the attacker to have access to a restricted set of user-level BIOS commands. Cisco Bug IDs: CSCvh83260.

 
2018-06-18
Medium
CVE-2018-9024

Updating...
 

 
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.

 
2018-06-15
High
CVE-2018-1085

Updating...
 

 
openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.

 
2018-06-13
Medium
CVE-2018-12271

Vendor: Dropbox
Software: Dropbox
 

 
** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred.

 
Medium
CVE-2018-11407

Vendor: Sensiolabs
Software: Symfony
 

 
An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.

 
2018-06-12
Medium
CVE-2018-12228

Updating...
 

 
An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top