CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | Sophos UTM 9.410 loginuser confd Service Privilege Escalation | 06.03.2018 | KoreLogic |
| Med. | JD Edwards 9.1 EnterpriseOne Server Denial Of Service | 28.08.2016 | Fernando Russ and Mati... |
| Med. | JD Edwards 9.1 EnterpriseOne Server Create Users | 28.08.2016 | Fernando Russ and Mati... |
| High | SAP TREX 7.10 Revision 63 Remote Command Execution | 22.08.2016 | Multiple |
| Med. | Davolink DV-2051 Missing Access Control | 06.08.2016 | Eric Flokstra |
| High | InFocus IN3128HD Projector Missing Authentication | 28.04.2015 | CORE |
| High | Allied Telesis AT-RG634A ADSL router unauthenticated webshell | 26.03.2014 | Sebastian Muniz |
| High | INSTEON Hub 2242-222 Lack Of Authentication | 02.08.2013 | David Bryan |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2018-04-18 | Medium | CVE-2018-5338 | Vendor: Zohocorp; Software: Manageengine... | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. |
| 2018-04-09 | High | CVE-2018-0554 | Vendor: Buffalo; Software: Wzr-1750dhp2... | Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. |
| 2018-04-04 | Low | CVE-2018-9119 | Vendor: Brilliantts; Software: Fuze card bl... | An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool. |
| 2018-03-31 | Medium | CVE-2018-9162 | Vendor: Contec-touch; Software: Smart home f... | Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors. |
| 2018-03-14 | Medium | CVE-2018-7702 | Updating... | SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization. |
| 2018-03-09 | High | CVE-2018-0521 | Vendor: Buffalo; Software: Wxr-1900dhp2... | Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. |
| | Medium | CVE-2017-10854 | Vendor: Corega; Software: Cg-wgr 1200 ... | Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors. |
| 2018-03-08 | Medium | CVE-2014-7271 | Vendor: Fedoraproject; Software: Fedora | Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. |
| 2018-03-01 | Medium | CVE-2018-2368 | Vendor: SAP; Software: Netweaver sy... | SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. |
| 2018-02-22 | Medium | CVE-2018-7301 | Vendor: EQ-3; Software: Homematic ce... | eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices. |

 

 


Copyright 2018, cxsecurity.com

 
