Total: 3419 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-8347 | 1 Claris | 2 Filemaker Pro, Filemaker Pro Advanced | 2020-02-13 | 7.8 High |
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges. | ||||
CVE-2013-1360 | 1 Sonicwall | 4 Analyzer, Global Management System, Universal Management Appliance and 1 more | 2020-02-13 | 9.8 Critical |
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. | ||||
CVE-2014-9753 | 1 Atutor | 1 Atutor | 2020-02-12 | 9.8 Critical |
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. | ||||
CVE-2017-18641 | 1 Linuxcontainers | 1 Lxc | 2020-02-12 | 8.1 High |
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers. | ||||
CVE-2012-6340 | 1 Netgear | 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more | 2020-02-11 | 4.6 Medium |
An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. | ||||
CVE-2020-8771 | 1 Wptimecapsule | 1 Wp Time Capsule | 2020-02-11 | 9.8 Critical |
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts. | ||||
CVE-2013-3367 | 1 Trendnet | 4 Tew-691gr, Tew-691gr Firmware, Tew-692gr and 1 more | 2020-02-10 | 9.8 Critical |
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | ||||
CVE-2013-3091 | 1 Belkin | 2 N300, N300 Firmware | 2020-02-10 | 9.8 Critical |
An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging." | ||||
CVE-2013-3096 | 1 Dlink | 2 Dir865l, Dir865l Firmware | 2020-02-10 | 5.9 Medium |
D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. | ||||
CVE-2013-5112 | 1 Evernote | 1 Evernote | 2020-02-10 | 4.6 Medium |
Evernote before 5.5.1 has insecure PIN storage. | ||||
CVE-2013-6920 | 1 Siemens | 14 Sinamics G110, Sinamics G110d, Sinamics G120 and 11 more | 2020-02-10 | N/A |
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. | ||||
CVE-2013-5944 | 1 Siemens | 3 Scalance X-200, Scalance X-200 Series Firmware, Scalance X-200irt | 2020-02-10 | N/A |
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface. | ||||
CVE-2015-2823 | 1 Siemens | 6 Simatic Hmi Basic Panels Generation 1, Simatic Hmi Basic Panels Generation 2, Simatic Hmi Comfort Panels and 3 more | 2020-02-10 | N/A |
Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. | ||||
CVE-2015-0102 | 1 Ibm | 1 Workflow | 2020-02-07 | 8.1 High |
IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
CVE-2013-2681 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 9.8 Critical |
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access. | ||||
CVE-2020-8591 | 1 Eginnovations | 1 Eg Manager | 2020-02-06 | 9.8 Critical |
eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. | ||||
CVE-2020-8510 | 1 Phpabook Project | 1 Phpabook | 2020-02-06 | 9.8 Critical |
An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can log in as any user without a password. | ||||
CVE-2020-5206 | 1 Apereo | 1 Opencast | 2020-02-05 | 10.0 Critical |
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1. | ||||
CVE-2019-19825 | 1 Totolink | 16 A3002ru, A3002ru Firmware, A702r and 13 more | 2020-02-05 | 9.8 Critical |
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0. | ||||
CVE-2013-1600 | 1 Dlink | 4 Dcs-2102, Dcs-2102 Firmware, Dcs-2121 and 1 more | 2020-02-04 | 5.3 Medium |
An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR, 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information. |