CWE:
 

Tytuł
Data
Autor
Med.
SSInfoTech Rohini WebDesign Company Authentication Bypass
18.09.2019
KingSkrupellos
Med.
Cisco UCS / IMC Supervisor Authentication Bypass / Command Injection
29.08.2019
Pedro Ribeiro
Med.
RecargatonerAntequera Improper Authentication Vulnerability
20.08.2019
KingSkrupellos
Med.
Sistema Mobiliario en Movimiento ComponentsMx Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
Sistema Suanca Industrias Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
Sistema CodiFarma San Jose de los Cedros Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
Bgrecuperacion Chihuahua Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
UfaCup88 Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
Keros ClaudioGarau Improper Authentication Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
AlemReklam Ajans Improper Authentication File Upload Vulnerability
17.08.2019
KingSkrupellos
Med.
Sistema Vitapromin Nuticion Inteligente Improper Authentication File Upload Vulnerability
11.08.2019
KingSkrupellos
Med.
Powered By Vlaevski Site Administration 1.0 Improper Authentication File Upload Vulnerability
11.08.2019
KingSkrupellos
Med.
Ellucian Banner Web Tailor / Banner Enterprise Identity Services Improper Authentication
14.05.2019
Joshua Mulliken
Med.
Desenvolvido por Agencia CDG Design Brasil Improper Authentication
09.04.2019
KingSkrupellos
Med.
Webmaster Atom Computer Software Counselling Improper Access Control Vulnerability
16.10.2018
KingSkrupellos
Low
WordPress Developed by Netsoft Limited Software Development Bangladesh Improper Authentication Vulnerability
05.09.2018
KingSkrupellos
Med.
Designed & Developed by Sacit.Lk SriLanka Improper Authentication Vulnerability
05.07.2018
KingSkrupellos
Med.
Powered by Yii Framework RBAC Manager for Yii 2 Improper Authentication Vulnerability
01.07.2018
KingSkrupellos
Med.
JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication
01.11.2017
Karn Ganeshen
Med.
Samsung Smart TV Wi-Fi Direction Improper Authentication
27.04.2017
Neseso Research Team
Med.
Aruba Networks AOS 6.3.1.19 Improper Authentication
08.11.2016
Klaus Tichman
High
DOKEOS ce30 Authentication Bypass
19.02.2016
High-Tech Bridge Secur...
Low
Pentaho 5.2.x BA Suite / PDI Information Disclosure
20.09.2015
Gregory DRAPERI
High
SAP HANA IU5 SDK Authentication Bypass
30.07.2014
Onapsis
High
Dahua DVR Authentication Bypass
19.07.2014
Zhejiang
High
ASUS RT Router Anonymous FTP Access
14.02.2014
Kyle Lovett
High
Router D-Link DIR-100 Multiple Vulnerabilities
04.02.2014
Felix Richter
High
Nisuta NS-WIR150NE, NS-WIR300N Authentication Bypass
11.01.2014
ampliasecurity
Med.
Burden 1.8 Privilege Escalation
09.01.2014
High-Tech Bridge Secur...
High
Vivotek IP Cameras RTSP Authentication Bypass
06.11.2013
CORE
High
Radio Thermostat Of America Inc Lack Of Authentication
02.08.2013
Daniel Crowley
High
D-Link IP Cameras Injection & Bypass
30.04.2013
CORE
Med.
Cisco Firewall Services Module Software Multiple Vulnerabilities
10.04.2013
Cisco
Med.
EMC Smarts Network Configuration Manager Improper Authentication Vulnerability
27.03.2013
EMC
Med.
Backupbuddy 2.2.4 Sensitive Data Exposure
25.03.2013
robarmstrong.te71
High
PBBoard 2.1.4 SQL Injection and Improper Authentication
09.08.2012
High-Tech Bridge Secur...
Med.
LifeSize Room Vulnerabilities
05.09.2011
securestate net
High
RealVNC Authentication Bypass
31.08.2011
Juha-Matti
High
RSA Adaptive Authentication (On-Premise) Security Issue
24.08.2011
EMC
Med.
FreeRADIUS 2.1.11 Multiple Vulns
06.08.2011
DCERT
High
IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability
30.03.2011
ZDI
Med.
Arthur de Jong \'nss-pam-ldapd\' Authentication Bypass Vulnerability
17.03.2011
Russell Sim
High
Pointter PHP Content Management System 1.0 Privilege Escalation
16.12.2010
Mark Stanislav
High
Pointter PHP Micro-Blogging Social Network 1.0 Privilege Escalation
16.12.2010
Mark Stanislav
High
OpenSSL J-PAKE Validation Error Lets Remote Users Validate Without Shared Secret Key
08.12.2010
Sebastian Martini
High
Pandora FMS <= 3.1 Authentication Bypass
05.12.2010
Juan Galiana Lara
High
Cisco Unified Videoconferencing multiple vulnerabilities
24.11.2010
Florent Daigniere
High
Camtron CMNC-200 IP Camera Authentication Bypass
18.11.2010
Trustwave's SpiderLabs
High
IBM OmniFind - several vulnerabilities
15.11.2010
Fatih Kilic
High
Likewise Open 5.4 & 6.0 Multiple Vulns
29.07.2010
Gerald Carter
Low
dootzky oblog Persistant XSS, CSRF, Admin Bruteforce
29.06.2010
null
Med.
SpringSource tc Server unauthenticated remote access to JMX interface
25.05.2010
s2-security
High
ToutVirtual VirtualIQ Multiple Vulnerabilities
21.05.2010
Claudio Criscione
High
CA XOsoft Multiple Vulns.
10.04.2010
Andrea Micalizzi aka r...
High
Varnish reverse proxy 2.0.6 Medium security hole
07.04.2010
Tim Brown
Med.
Sahana 0.6.2.2 authentication bypass
19.03.2010
nill
High
HP openview Performance Insight 5.4 Remote Execution of ArbitraryCommands
15.03.2010
HP
Med.
Geo++(R) GNCASTER: Faulty implementation of HTTPDigest Authentication
07.02.2010
RedTeam
High
dB Masters Multimedia Insecure Cookie Handling Vulnerability
07.01.2010
indoushka
Med.
Sitecore Staging 5.4.0 Module Authentication bypass and file manipulation
24.12.2009
Lukas Weichselbaum
High
Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability
15.12.2009
ZDI
High
linux kernel 2.6.25.15 nfsd4: fix null dereference creating nfsv4 callback
05.11.2009
Eugene Teoeugeneteo
High
Everfocus EDR1600 remote authentication bypass
04.11.2009
Andrea Fabrizi
Med.
PaoLiber 1.1 (login_ok) Authentication Bypass Vulnerability
28.09.2009
SirGod
Med.
OSSIM version 2.1 remote SQL injection and cross site scripting
25.09.2009
DSecRG
Med.
LiveStreet Xss Vulnerable Exploit
22.09.2009
Inj3ct0r
Med.
Basic PHP Events Lister 2 Reset Admin Pass/Add Admin Vulns
16.09.2009
Mr.SeCreT
High
simplePHPWeb 0.2 (files.php) Authentication Bypass Vulnerability
15.09.2009
SirGod
Med.
EkinBoard <= 1.1.0 Remote File Upload / Auth Bypass Vulnerabilities
03.09.2009
underwater
High
zKup CMS 2.0 <= 2.3 Remote Add Admin Exploit
31.08.2009
real
High
AJ ARTICLE Remote Authentication Bypass Vulnerability
27.08.2009
G4N0K
High
Maian Greetings 2.1 Insecure Cookie Handling Vulnerability
27.08.2009
Saime
High
Aj Classifieds Authentication Bypass Vulnerability
26.08.2009
G4N0K
High
NatterChat 1.1 Remote Admin Bypass Vulnerability
26.08.2009
Mountassif Moad
High
AJSquare Free Polling Script (DB) Multiple Vulnerabilities
26.08.2009
G4N0K
Med.
HyperStop WebHost Directory Arbitrary Backup Database
24.08.2009
r45c4l
High
Free PHP VX Guestbook 1.06 Insecure Cookie Handling Vulnerability
24.08.2009
Stack
Med.
Free PHP VX Guestbook 1.06 Arbitrary Database Backup Vulnerability
23.08.2009
SirGod
High
Libra PHP File Manager <= 1.18 Insecure Cookie Handling Vulnerability
23.08.2009
Stack
Med.
Plesk 8.6.0 authentication flaw allows to gain virtual user priviledges
21.08.2009
Felix Buenemann
High
Snom VoIP/SIP Phones Authentication Bypass
18.08.2009
null
High
AJ Auction Authentication Bypass Vulnerability
15.08.2009
G4N0K
High
turnkeyforms Text Link Sales Auth Bypass Vulnerability
15.08.2009
G4N0K
High
MauryCMS <= 0.53.2 (fckeditor) Remote Arbitrary File Upload Vulnerability
14.08.2009
RoMaNcYxHaCkEr
High
turnkeyforms Web Hosting Directory Multiple Vulnerabilities
13.08.2009
G4N0K
High
TaskDriver <= 1.3 Remote Change Admin Password Exploit
10.08.2009
cOndemned
High
SpeedStream 5200 Authentication Bypass Config Download Vulnerability
08.08.2009
hkm
High
ZEEJOBSITE 2.0 Remote File Upload Vulnerability
08.08.2009
ZoRLu
High
BrewBlogger 2.1.0.1 Arbitrary Add Admin Exploit
07.08.2009
CWH Team
Med.
PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability
29.07.2009
SirGod
High
Desi Short URL Insecure Cookie Handling Vulnerability
29.07.2009
N@bilX
High
DD-WRT (httpd service) Remote Command Execution Vulnerability
21.07.2009
gat3way
High
Absolute Form Processor 4.0 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Live Support 5.1 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Newsletter 6.1 Insecure Cookie Handling Vulnerability
15.07.2009
x0r
High
Absolute Content Rotator 6.0 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Poll Manager XE 4.1 Cookie Handling Vulnerability
15.07.2009
Hakxer
Med.
Absolute Control Panel XE 1.5 Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Banner Manager Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer
High
Absolute Podcast 1.0 Remote Insecure Cookie Handling Vulnerability
15.07.2009
Hakxer


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2020-01-10
Medium
CVE-2014-5081

Vendor: Sphider
Software: Sphider
 

 
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass

 
Medium
CVE-2012-3824

Vendor: Arialsoftware
Software: Campaign ent...
 

 
In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization.

 
Medium
CVE-2019-14301

Updating...
 

 
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2).

 
Medium
CVE-2019-14306

Updating...
 

 
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2).

 
2020-01-09
Low
CVE-2019-16788

Vendor: Wordpress
Software: Wordpress
 

 
In WordPress versions from 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled.

 
High
CVE-2014-2651

Updating...
 

 
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface

 
Low
CVE-2020-1786

Updating...
 

 
HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function.

 
2020-01-08
Medium
CVE-2019-20360

Vendor: Impress
Software: Givewp
 

 
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data.

 
Medium
CVE-2020-6170

Updating...
 

 
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.

 
Medium
CVE-2019-19518

Vendor: Broadcom
Software: Ca automic s...
 

 
CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands.

 

 


Copyright 2020, cxsecurity.com

 

Back to Top