CWE:
 

Tytuł
Data
Autor
Med.
Ember Enterprises E2in Improper Authentication
13.12.2020
KingSkrupellos
Med.
Sanishsoft Authentication Bypass
13.12.2020
KingSkrupellos
Med.
Sharptech Digital Marketing Agency Authentication Bypass
13.12.2020
KingSkrupellos
High
WebDehasi Hosting File Insert Authentication Bypass
09.11.2020
KingSkrupellos
Med.
HindSoft Technology Pvt Ltd India Insert File Authentication Bypass
08.11.2020
KingSkrupellos
Med.
HigsonMedia Improper Authentication
29.05.2020
KingSkrupellos
Med.
UinfoTechnology Pvt Ltd Gentelella Alela Colorlib Improper Authentication
29.05.2020
KingSkrupellos
Med.
Mildtrix Business Solutions Pvt Ltd 2.3.12 Improper Authentication
29.05.2020
KingSkrupellos
Med.
Solidale InfoTech Authentication Bypass
28.05.2020
KingSkrupellos
Med.
Bagwar Softwares Pvt Ltd Authentication Bypass
28.05.2020
KingSkrupellos
Med.
Saloni Info Tech Accocca Constructions Pvt Ltd Authentication Bypass
28.05.2020
KingSkrupellos
Med.
Ayan Advisory Private Limited Authentication Bypass
28.05.2020
KingSkrupellos
Med.
Teak Squash Design and Solutions Authentication Bypass
28.05.2020
KingSkrupellos
Med.
Gharuda Infotech Pvt Ltd Authentication Bypass
28.05.2020
KingSkrupellos
Med.
NextgenUSCorp Authentication Bypass
27.05.2020
KingSkrupellos
Med.
Upturn Smart Online Exam System Mayuri Authentication Bypass
27.05.2020
KingSkrupellos
High
WebIndiaServices Team Authentication Bypass
27.05.2020
KingSkrupellos
Med.
School Sports Promotion Foundation Sspf India Authentication Bypass
27.05.2020
KingSkrupellos
Med.
Gangotri Group Shubham Srivastava Authentication Bypass
27.05.2020
KingSkrupellos
Med.
3NetWorks Authentication Bypass
27.05.2020
KingSkrupellos
Med.
Chamilo © 2020 Campus v1 ElFinder Backdoor Access Shell Upload Vulnerability
27.05.2020
KingSkrupellos
Med.
ABCMedya Bilişim Software 2.0 Authentication Bypass
20.05.2020
KingSkrupellos
Med.
Sync Bilişim Software Arbitrary File Upload Authentication Bypass
20.05.2020
KingSkrupellos
Med.
Ja IT Solution JaisBD Bangladesh Software Authentication Bypass
18.05.2020
KingSkrupellos
Med.
Saudi Indian Football Forum Siffjeddah Authentication Bypass Shell Upload
11.05.2020
KingSkrupellos
Med.
Great Web Solutions Pvt Ltd Improper Authentication
09.05.2020
KingSkrupellos
Med.
LBMInfoTech Improper Authentication
09.05.2020
KingSkrupellos
Med.
Tiol Group WebSites Taxindiainternational Pvt Ltd Improper Authentication
09.05.2020
KingSkrupellos
Med.
Great Web Solutions Pvt Ltd Improper Authentication
09.05.2020
KingSkrupellos
Med.
Tiol Group WebSites Taxindiainternational Pvt Ltd Improper Authentication
09.05.2020
KingSkrupellos
Med.
LBMInfoTech Improper Authentication
09.05.2020
KingSkrupellos
High
ThietkeWebX Quatangtraitim VietNext Unauthorized File Upload Improper Authentication
06.05.2020
KingSkrupellos
Med.
Suvega Digital Media Pvt Ltd Improper Authentication
06.05.2020
KingSkrupellos
Med.
Du Hoc Ioc Vietnamese System Improper Authentication
06.05.2020
KingSkrupellos
Med.
Niladri Marketing Pvt. Ltd. Triimax_Ind Siimax Infotimes Improper Authentication
04.05.2020
KingSkrupellos
Med.
WebTechnologic SQL Injection Improper Authentication
04.05.2020
KingSkrupellos
Med.
ComangSoft Improper Authentication
03.05.2020
KingSkrupellos
Med.
Skynyx Technologies Private Limited Improper Authentication
03.05.2020
KingSkrupellos
Med.
GloriousWebTech Improper Authentication
03.05.2020
KingSkrupellos
Med.
Mystic Media Webinitiate Improper Authentication Backdoor Access
03.05.2020
KingSkrupellos
Med.
SkyWayInfoMedia Improper Authentication
03.05.2020
KingSkrupellos
Med.
TechDomain BD Improper Authentication
03.05.2020
KingSkrupellos
Med.
Pinnacle India Solution Admin Authentication Bypass
15.04.2020
KingSkrupellos
Med.
SSInfoTech Rohini WebDesign Company Authentication Bypass
18.09.2019
KingSkrupellos
Med.
Cisco UCS / IMC Supervisor Authentication Bypass / Command Injection
29.08.2019
Pedro Ribeiro
Med.
RecargatonerAntequera Improper Authentication Vulnerability
20.08.2019
KingSkrupellos
Med.
Sistema Mobiliario en Movimiento ComponentsMx Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
Sistema Suanca Industrias Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
Sistema CodiFarma San Jose de los Cedros Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
Bgrecuperacion Chihuahua Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
UfaCup88 Authentication Bypass Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
Keros ClaudioGarau Improper Authentication Insert File Vulnerability
19.08.2019
KingSkrupellos
Med.
AlemReklam Ajans Improper Authentication File Upload Vulnerability
17.08.2019
KingSkrupellos
Med.
Sistema Vitapromin Nuticion Inteligente Improper Authentication File Upload Vulnerability
11.08.2019
KingSkrupellos
Med.
Powered By Vlaevski Site Administration 1.0 Improper Authentication File Upload Vulnerability
11.08.2019
KingSkrupellos
Med.
Ellucian Banner Web Tailor / Banner Enterprise Identity Services Improper Authentication
14.05.2019
Joshua Mulliken
Med.
Desenvolvido por Agencia CDG Design Brasil Improper Authentication
09.04.2019
KingSkrupellos
Med.
Webmaster Atom Computer Software Counselling Improper Access Control Vulnerability
16.10.2018
KingSkrupellos
Low
WordPress Developed by Netsoft Limited Software Development Bangladesh Improper Authentication Vulnerability
05.09.2018
KingSkrupellos
Med.
Designed & Developed by Sacit.Lk SriLanka Improper Authentication Vulnerability
05.07.2018
KingSkrupellos
Med.
Powered by Yii Framework RBAC Manager for Yii 2 Improper Authentication Vulnerability
01.07.2018
KingSkrupellos
Med.
JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication
01.11.2017
Karn Ganeshen
Med.
Samsung Smart TV Wi-Fi Direction Improper Authentication
27.04.2017
Neseso Research Team
Med.
Aruba Networks AOS 6.3.1.19 Improper Authentication
08.11.2016
Klaus Tichman
High
DOKEOS ce30 Authentication Bypass
19.02.2016
High-Tech Bridge Secur...
Low
Pentaho 5.2.x BA Suite / PDI Information Disclosure
20.09.2015
Gregory DRAPERI
High
SAP HANA IU5 SDK Authentication Bypass
30.07.2014
Onapsis
High
Dahua DVR Authentication Bypass
19.07.2014
Zhejiang
High
ASUS RT Router Anonymous FTP Access
14.02.2014
Kyle Lovett
High
Router D-Link DIR-100 Multiple Vulnerabilities
04.02.2014
Felix Richter
High
Nisuta NS-WIR150NE, NS-WIR300N Authentication Bypass
11.01.2014
ampliasecurity
Med.
Burden 1.8 Privilege Escalation
09.01.2014
High-Tech Bridge Secur...
High
Vivotek IP Cameras RTSP Authentication Bypass
06.11.2013
CORE
High
Radio Thermostat Of America Inc Lack Of Authentication
02.08.2013
Daniel Crowley
High
D-Link IP Cameras Injection & Bypass
30.04.2013
CORE
Med.
Cisco Firewall Services Module Software Multiple Vulnerabilities
10.04.2013
Cisco
Med.
EMC Smarts Network Configuration Manager Improper Authentication Vulnerability
27.03.2013
EMC
Med.
Backupbuddy 2.2.4 Sensitive Data Exposure
25.03.2013
robarmstrong.te71
High
PBBoard 2.1.4 SQL Injection and Improper Authentication
09.08.2012
High-Tech Bridge Secur...
Med.
LifeSize Room Vulnerabilities
05.09.2011
securestate net
High
RealVNC Authentication Bypass
31.08.2011
Juha-Matti
High
RSA Adaptive Authentication (On-Premise) Security Issue
24.08.2011
EMC
Med.
FreeRADIUS 2.1.11 Multiple Vulns
06.08.2011
DCERT
High
IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability
30.03.2011
ZDI
Med.
Arthur de Jong \'nss-pam-ldapd\' Authentication Bypass Vulnerability
17.03.2011
Russell Sim
High
Pointter PHP Content Management System 1.0 Privilege Escalation
16.12.2010
Mark Stanislav
High
Pointter PHP Micro-Blogging Social Network 1.0 Privilege Escalation
16.12.2010
Mark Stanislav
High
OpenSSL J-PAKE Validation Error Lets Remote Users Validate Without Shared Secret Key
08.12.2010
Sebastian Martini
High
Pandora FMS <= 3.1 Authentication Bypass
05.12.2010
Juan Galiana Lara
High
Cisco Unified Videoconferencing multiple vulnerabilities
24.11.2010
Florent Daigniere
High
Camtron CMNC-200 IP Camera Authentication Bypass
18.11.2010
Trustwave's SpiderLabs
High
IBM OmniFind - several vulnerabilities
15.11.2010
Fatih Kilic
High
Likewise Open 5.4 & 6.0 Multiple Vulns
29.07.2010
Gerald Carter
Low
dootzky oblog Persistant XSS, CSRF, Admin Bruteforce
29.06.2010
null
Med.
SpringSource tc Server unauthenticated remote access to JMX interface
25.05.2010
s2-security
High
ToutVirtual VirtualIQ Multiple Vulnerabilities
21.05.2010
Claudio Criscione
High
CA XOsoft Multiple Vulns.
10.04.2010
Andrea Micalizzi aka r...
High
Varnish reverse proxy 2.0.6 Medium security hole
07.04.2010
Tim Brown
Med.
Sahana 0.6.2.2 authentication bypass
19.03.2010
nill
High
HP openview Performance Insight 5.4 Remote Execution of ArbitraryCommands
15.03.2010
HP


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-05-20
Waiting for details
CVE-2022-29165

Updating...
 

 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, including the `admin` user, by sending a specifically crafted JSON Web Token (JWT) along with the request. In order for this vulnerability to be exploited, anonymous access to the Argo CD instance must have been enabled. In a default Argo CD installation, anonymous access is disabled. The vulnerability can be exploited to impersonate as any user or role, including the built-in `admin` account regardless of whether it is enabled or disabled. Also, the attacker does not need an account on the Argo CD instance in order to exploit this. If anonymous access to the instance is enabled, an attacker can escalate their privileges, effectively allowing them to gain the same privileges on the cluster as the Argo CD instance, which is cluster admin in a default installation. This will allow the attacker to create, manipulate and delete any resource on the cluster. They may also exfiltrate data by deploying malicious workloads with elevated privileges, thus bypassing any redaction of sensitive data otherwise enforced by the Argo CD API. A patch for this vulnerability has been released in Argo CD versions 2.3.4, 2.2.9, and 2.1.15. As a workaround, one may disable anonymous access, but upgrading to a patched version is preferable.

 
2022-05-16
Waiting for details
CVE-2022-1349

Updating...
 

 
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users (with privileges as low as Subscriber) to delete the profile pictures of any other user.

 
2022-05-12
High
CVE-2022-1681

Vendor: Requarks
Software: Wiki.js
 

 
Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions

 
Medium
CVE-2021-0193

Vendor: IBM
Software: In-band mana...
 

 
Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access.

 
2022-05-11
Low
CVE-2022-1460

Vendor: Gitlab
Software: Gitlab
 

 
An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user.

 
Low
CVE-2022-1426

Vendor: Gitlab
Software: Gitlab
 

 
An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed an user to authenticate without a personal access token.

 
2022-05-06
Waiting for details
CVE-2019-12254

Updating...
 

 
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules.

 
2022-05-05
High
CVE-2022-29500

Vendor: Schedmd
Software: Slurm
 

 
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.

 
High
CVE-2021-44057

Vendor: QNAP
Software: Photo station
 

 
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later

 
High
CVE-2021-44056

Vendor: QNAP
Software: Video station
 

 
An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later

 

 


Copyright 2022, cxsecurity.com

 

Back to Top