Filtered by CWE-287
Total 3419 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-12984 1 Hycus Cms Project 1 Hycus Cms 2018-08-20 N/A
Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials.
CVE-2018-0528 1 Cybozu 1 Office 2018-08-09 N/A
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view schedules that they are not permitted to access via unspecified vectors.
CVE-2016-2403 1 Sensiolabs 1 Symfony 2018-08-06 N/A
Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
CVE-2018-11407 1 Sensiolabs 1 Symfony 2018-08-03 N/A
An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.
CVE-2016-10532 1 Console-io Project 1 Console-io 2018-07-20 N/A
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response.
CVE-2018-7943 1 Huawei 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more 2018-07-20 N/A
There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege.
CVE-2017-7639 1 Qnap 1 Nas Proxy Server 2018-07-12 N/A
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to changes to the settings of Proxy Server.
CVE-2014-10067 1 Paypal-ipn Project 1 Paypal-ipn 2018-07-09 N/A
paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production.
CVE-2018-11478 1 Vgate 2 Icar 2 Wi-fi Obd2, Icar 2 Wi-fi Obd2 Firmware 2018-07-05 N/A
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network.
CVE-2018-7949 1 Huawei 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more 2018-07-05 N/A
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, a successful exploit enables low-privileged users to get or modify passwords of highly privileged users.
CVE-2016-10525 1 Dwyl 1 Hapi-auth-jwt2 2018-07-02 N/A
When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.
CVE-2017-9421 1 Accellion 1 Kiteworks 2018-06-27 N/A
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
CVE-2018-7941 1 Huawei 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more 2018-06-14 N/A
Huawei iBMC V200R002C60 has an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload an authentication certificate to the affected products. Due to improper validation of the upload authority, a successful exploit may cause privilege elevation.
CVE-2017-3775 1 Lenovo 22 Flex System X240 M5, Flex System X240 M5 Bios, Flex System X280 X6 and 19 more 2018-06-13 N/A
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.
CVE-2018-6020 1 Silextechnology 8 Geh-500, Geh-500 Firmware, Geh-sd-320an and 5 more 2018-06-13 N/A
In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings.
CVE-2018-10544 1 Meross 2 Mss110, Mss110 Firmware 2018-06-13 N/A
Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface.
CVE-2018-9232 1 Twsz 2 Be126, Be126 Firmware 2018-06-13 N/A
Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update.
CVE-2018-7940 1 Huawei 4 Mate 9, Mate 9 Firmware, Mate 9 Pro and 1 more 2018-06-13 N/A
Huawei smart phones Mate 10 and Mate 10 Pro with versions earlier than 8.0.0.129(SP2C00) and versions earlier than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypasses the activation function by some specific operations.
CVE-2018-6960 1 Vmware 1 Horizon Daas 2018-05-22 N/A
VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
CVE-2014-0927 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2018-05-22 N/A
The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259.