CWE:
 

Topic
Date
Author
Med.
Barco wePresent Authentication Bypass
21.11.2020
Jim Becher
Med.
ABUS Secvest Hybrid Module FUMO50110 Authentication Bypass
01.08.2020
Matthias Deeg
High
Seagate GoFlex Satellite Remote Telnet Default Password
19.12.2015
Matt Bergin
High
Linksys EA6100 Wireless Router Authentication Bypass
05.12.2015
Matt Bergin
Med.
Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection
13.10.2015
Matthias Deeg
High
BullGuard Internet Security 15.0.297 Authentication Bypass
08.05.2015
Matthias Deeg
High
BullGuard Antivirus 15.0.297 Authentication Bypass
07.05.2015
Matthias Deeg
High
BullGuard Premium Protection 15.0.297 Authentication Bypass
07.05.2015
Matthias Deeg
High
InFocus IN3128HD Projector Missing Authentication
28.04.2015
CORE
High
Panda Internet Security 2015 15.0.1 Authentication Bypass
15.04.2015
Matthias Deeg
High
Panda Gold Protection 2015 15.1.0 Authentication Bypass
15.04.2015
Matthias Deeg
High
Panda Global Protection 2015 15.1.0 Authentication Bypass
15.04.2015
Matthias Deeg
High
Panda Antivirus Pro 2015 15.1.0 Authentication Bypass
15.04.2015
Matthias Deeg
Med.
Linksys Access Bypass
17.08.2013
K Lovett & M Claunch


CVEMAP Search Results

CVE
Details
Description
2023-11-03
Waiting for details
CVE-2023-3277

Updating...
 

 
The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin's team 30 days ago.

 
2023-10-26
Waiting for details
CVE-2023-46747

Updating...
 

 
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

 
2023-10-11
Waiting for details
CVE-2023-4957

Updating...
 

 
A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled.

 
2023-09-19
Waiting for details
CVE-2023-42793

Updating...
 

 
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

 
2023-09-14
Waiting for details
CVE-2023-4702

Updating...
 

 
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1.

 
2023-09-11
Waiting for details
CVE-2023-41256

Updating...
 

 
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.

 
2023-08-31
Waiting for details
CVE-2023-3162

Updating...
 

 
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to log in as users who have orders, who are typically customers.

 
2023-06-30
Waiting for details
CVE-2023-3249

Updating...
 

 
The Web3 �?? Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

 
Waiting for details
CVE-2023-2834

Updating...
 

 
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

 
2023-06-29
Waiting for details
CVE-2023-2982

Updating...
 

 
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top