CWE:
 

Topic
Date
Author
Med.
JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication
01.11.2017
Karn Ganeshen
Med.
Samsung Smart TV Wi-Fi Direction Improper Authentication
27.04.2017
Neseso Research Team
Med.
Aruba Networks AOS 6.3.1.19 Improper Authentication
08.11.2016
Klaus Tichman
High
DOKEOS ce30 Authentication Bypass
19.02.2016
High-Tech Bridge Secur...
Low
Pentaho 5.2.x BA Suite / PDI Information Disclosure
20.09.2015
Gregory DRAPERI
High
SAP HANA IU5 SDK Authentication Bypass
30.07.2014
Onapsis
High
Dahua DVR Authentication Bypass
19.07.2014
Zhejiang
High
ASUS RT Router Anonymous FTP Access
14.02.2014
Kyle Lovett
High
Router D-Link DIR-100 Multiple Vulnerabilities
04.02.2014
Felix Richter
High
Nisuta NS-WIR150NE, NS-WIR300N Authentication Bypass
11.01.2014
ampliasecurity
Med.
Burden 1.8 Privilege Escalation
09.01.2014
High-Tech Bridge Secur...
High
Vivotek IP Cameras RTSP Authentication Bypass
06.11.2013
CORE
High
Radio Thermostat Of America Inc Lack Of Authentication
02.08.2013
Daniel Crowley
High
D-Link IP Cameras Injection & Bypass
30.04.2013
CORE
Med.
Cisco Firewall Services Module Software Multiple Vulnerabilities
10.04.2013
Cisco
Med.
EMC Smarts Network Configuration Manager Improper Authentication Vulnerability
27.03.2013
EMC
Med.
Backupbuddy 2.2.4 Sensitive Data Exposure
25.03.2013
robarmstrong.te71
High
PBBoard 2.1.4 SQL Injection and Improper Authentication
09.08.2012
High-Tech Bridge Secur...
Med.
LifeSize Room Vulnerabilities
05.09.2011
securestate net
High
RealVNC Authentication Bypass
31.08.2011
Juha-Matti
High
RSA Adaptive Authentication (On-Premise) Security Issue
24.08.2011
EMC
Med.
FreeRADIUS 2.1.11 Multiple Vulns
06.08.2011
DCERT
High
IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability
30.03.2011
ZDI
Med.
Arthur de Jong \'nss-pam-ldapd\' Authentication Bypass Vulnerability
17.03.2011
Russell Sim
High
Pointter PHP Content Management System 1.0 Privilege Escalation
16.12.2010
Mark Stanislav
High
Pointter PHP Micro-Blogging Social Network 1.0 Privilege Escalation
16.12.2010
Mark Stanislav
High
OpenSSL J-PAKE Validation Error Lets Remote Users Validate Without Shared Secret Key
08.12.2010
Sebastian Martini
High
Pandora FMS <= 3.1 Authentication Bypass
05.12.2010
Juan Galiana Lara
High
Cisco Unified Videoconferencing multiple vulnerabilities
24.11.2010
Florent Daigniere
High
Camtron CMNC-200 IP Camera Authentication Bypass
18.11.2010
Trustwave's SpiderLabs
High
IBM OmniFind - several vulnerabilities
15.11.2010
Fatih Kilic
High
Likewise Open 5.4 & 6.0 Multiple Vulns
29.07.2010
Gerald Carter
Low
dootzky oblog Persistant XSS, CSRF, Admin Bruteforce
29.06.2010
null
Med.
SpringSource tc Server unauthenticated remote access to JMX interface
25.05.2010
s2-security
High
ToutVirtual VirtualIQ Multiple Vulnerabilities
21.05.2010
Claudio Criscione
High
CA XOsoft Multiple Vulns.
10.04.2010
Andrea Micalizzi aka r...
High
Varnish reverse proxy 2.0.6 Medium security hole
07.04.2010
Tim Brown
Med.
Sahana 0.6.2.2 authentication bypass
19.03.2010
nill
High
HP openview Performance Insight 5.4 Remote Execution of ArbitraryCommands
15.03.2010
HP
Med.
Geo++(R) GNCASTER: Faulty implementation of HTTPDigest Authentication
07.02.2010
RedTeam
High
dB Masters Multimedia Insecure Cookie Handling Vulnerability
07.01.2010
indoushka
Med.
Sitecore Staging 5.4.0 Module Authentication bypass and file manipulation
24.12.2009
Lukas Weichselbaum
High
Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability
15.12.2009
ZDI
High
linux kernel 2.6.25.15 nfsd4: fix null dereference creating nfsv4 callback
05.11.2009
Eugene Teoeugeneteo
High
Everfocus EDR1600 remote authentication bypass
04.11.2009
Andrea Fabrizi
Med.
PaoLiber 1.1 (login_ok) Authentication Bypass Vulnerability
28.09.2009
SirGod
Med.
OSSIM version 2.1 remote SQL injection and cross site scripting
25.09.2009
DSecRG
Med.
LiveStreet Xss Vulnerable Exploit
22.09.2009
Inj3ct0r
Med.
Basic PHP Events Lister 2 Reset Admin Pass/Add Admin Vulns
16.09.2009
Mr.SeCreT
High
simplePHPWeb 0.2 (files.php) Authentication Bypass Vulnerability
15.09.2009
SirGod
Med.
EkinBoard <= 1.1.0 Remote File Upload / Auth Bypass Vulnerabilities
03.09.2009
underwater
High
zKup CMS 2.0 <= 2.3 Remote Add Admin Exploit
31.08.2009
real
High
AJ ARTICLE Remote Authentication Bypass Vulnerability
27.08.2009
G4N0K
High
Maian Greetings 2.1 Insecure Cookie Handling Vulnerability
27.08.2009
Saime
High
Aj Classifieds Authentication Bypass Vulnerability
26.08.2009
G4N0K
High
NatterChat 1.1 Remote Admin Bypass Vulnerability
26.08.2009
Mountassif Moad
High
AJSquare Free Polling Script (DB) Multiple Vulnerabilities
26.08.2009
G4N0K
Med.
HyperStop WebHost Directory Arbitrary Backup Database
24.08.2009
r45c4l
High
Free PHP VX Guestbook 1.06 Insecure Cookie Handling Vulnerability
24.08.2009
Stack
Med.
Free PHP VX Guestbook 1.06 Arbitrary Database Backup Vulnerability
23.08.2009
SirGod
High
Libra PHP File Manager <= 1.18 Insecure Cookie Handling Vulnerability
23.08.2009
Stack
Med.
Plesk 8.6.0 authentication flaw allows to gain virtual user priviledges
21.08.2009
Felix Buenemann
High
Snom VoIP/SIP Phones Authentication Bypass
18.08.2009
null
High
AJ Auction Authentication Bypass Vulnerability
15.08.2009
G4N0K
High
turnkeyforms Text Link Sales Auth Bypass Vulnerability
15.08.2009
G4N0K
High
MauryCMS <= 0.53.2 (fckeditor) Remote Arbitrary File Upload Vulnerability
14.08.2009
RoMaNcYxHaCkEr
High
turnkeyforms Web Hosting Directory Multiple Vulnerabilities
13.08.2009
G4N0K
High
TaskDriver <= 1.3 Remote Change Admin Password Exploit
10.08.2009
cOndemned
High
SpeedStream 5200 Authentication Bypass Config Download Vulnerability
08.08.2009
hkm
High
ZEEJOBSITE 2.0 Remote File Upload Vulnerability
08.08.2009
ZoRLu
High
BrewBlogger 2.1.0.1 Arbitrary Add Admin Exploit
07.08.2009
CWH Team
Med.
PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability
29.07.2009
SirGod
High
Desi Short URL Insecure Cookie Handling Vulnerability
29.07.2009
N@bilX
High
DD-WRT (httpd service) Remote Command Execution Vulnerability
21.07.2009
gat3way
High
Absolute Form Processor 4.0 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Live Support 5.1 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Newsletter 6.1 Insecure Cookie Handling Vulnerability
15.07.2009
x0r
High
Absolute Content Rotator 6.0 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Poll Manager XE 4.1 Cookie Handling Vulnerability
15.07.2009
Hakxer
Med.
Absolute Control Panel XE 1.5 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Banner Manager Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Podcast 1.0 Remote Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute News Manager 5.1 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute News Feed 1.0 Remote Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute FAQ Manager 6.0 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures
14.07.2009
Core
High
phpMyBlockchecker 1.0.0055 Insecure Cookie Handling Vulnerability
11.07.2009
SirGod
Med.
Tutorial Share <= 3.5.0 Insecure Cookie Handling Vulnerability
03.07.2009
Evil-Cod3r
Med.
MIDAS 1.43 (Auth Bypass) Insecure Cookie Handling Vulnerability
01.07.2009
HxH
Med.
phportal 1.0 Insecure Cookie Handling Vulnerability
23.06.2009
xhaxkerx
High
Grestul 1.2 Remote Add Administrator Account Exploit
15.06.2009
ThE g0bL!N
High
Password Protector SD 1.3.1 Insecure Cookie Handling Vulnerability
10.06.2009
Mr.tro0oqy
High
Million Dollar Text Links 1.x Insecure Cookie Handling Vulnerability
02.06.2009
HxH
Med.
MyKtools 2.4 Arbitrary Database Backup Vulnerability
29.05.2009
Mountassif Moad
High
Eaton MGE OPS Network Shutdown Module - authentication bypass & remote code execution
29.05.2009
nruns
High
TCPDB 3.8 Arbitrary Add Admin Account Vulnerability
20.05.2009
Mr.tro0oqy
High
T-Dreams Job Career Package 3.0 Insecure Cookie Handling Vulnerability
17.05.2009
TiGeR-Dz
Med.
Simple Customer 1.3 Arbitrary Change Admin Password Exploit
17.05.2009
ahmadbady
Med.
AjaxTerm session id collision
15.05.2009
Andrea Barisani
Med.
Teraway LinkTracker 1.0 Insecure Cookie Handling Vulnerability
15.05.2009
ThE g0bL!N


CVEMAP Search Results

CVE
Details
Description
2018-05-16
Medium
CVE-2018-0271

Updating...
 

 
A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center. This vulnerability affects Cisco DNA Center Software Releases prior to 1.1.2. Cisco Bug IDs: CSCvi09394.

 
2018-05-10
Medium
CVE-2018-7941

Vendor: Huawei
Software: 1288h v5 fir...
 

 
Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.

 
Medium
CVE-2018-7940

Updating...
 

 
Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations.

 
2018-05-09
Medium
CVE-2018-6020

Vendor: Silextechnology
Software: Geh-500 firmware
 

 
In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings.

 
Medium
CVE-2018-10683

Vendor: Wildfly
Software: Wildfly
 

 
** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: the Security Realms documentation in the product's Admin Guide indicates that "without a security realm reference" implies "effectively unsecured." The vendor explicitly supports these unsecured configurations because they have valid use cases during development.

 
High
CVE-2018-10682

Vendor: Wildfly
Software: Wildfly
 

 
** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default (auto-deployment) permits an anonymous user to deploy a malicious .war file, leading to remote code execution. NOTE: the vendor indicates that anonymous access is not available in the default installation; however, it remains optional because there are several use cases for it, including development environments and network architectures that have a proxy server for access control to the WildFly server.

 
2018-05-04
Medium
CVE-2017-3775

Updating...
 

 
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.

 
2018-05-03
Medium
CVE-2018-10561

Vendor: Dasannetworks
Software: Gpon router ...
 

 
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.

 
2018-05-02
Medium
CVE-2018-10544

Vendor: Meross
Software: Mss110 firmware
 

 
Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface.

 
Low
CVE-2018-0247

Vendor: Cisco
Software: Aironet acce...
 

 
A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An attacker could exploit this vulnerability by sending traffic to local network resources without having gone through authentication. A successful exploit could allow the attacker to bypass authentication and pass traffic. This affects Cisco Aironet Access Points running Cisco IOS Software and Cisco Wireless LAN Controller (WLC) releases prior to 8.5.110.0 for the following specific WLC configuration only: (1) The Access Point (AP) is configured in FlexConnect Mode with NAT. (2) The WLAN is configured for central switching, meaning the client is being assigned a unique IP address. (3) The AP is configured with a Split Tunnel access control list (ACL) for access to local network resources, meaning the AP is doing the NAT on the connection. (4) The client is using WebAuth. This vulnerability does not apply to .1x clients in the same configuration. Cisco Bug IDs: CSCvc79502, CSCvf71789.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top