Search Results (4103 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7450 1 Airtame 2 Hdmi Dongle, Hdmi Dongle Firmware 2025-04-20 N/A
AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time.
CVE-2017-7405 1 Dlink 1 Dir-615 2025-04-20 9.8 Critical
On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials.
CVE-2014-9624 1 Mantisbt 1 Mantisbt 2025-04-20 N/A
CAPTCHA bypass vulnerability in MantisBT before 1.2.19.
CVE-2014-9618 1 Netsweeper 1 Netsweeper 2025-04-20 N/A
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
CVE-2017-1000020 3 Ecos, Greatek, Totolink 3 Embedded Web Servers, Soho, Soho 2025-04-20 N/A
SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others."
CVE-2017-9946 1 Siemens 8 Apogee Pxc, Apogee Pxc Firmware, Apogee Pxc Modular and 5 more 2025-04-20 7.5 High
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device.
CVE-2016-8023 1 Mcafee 1 Virusscan Enterprise 2025-04-20 N/A
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
CVE-2017-7660 1 Apache 1 Solr 2025-04-20 N/A
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.
CVE-2015-8308 1 Lxdm Project 1 Lxdm 2025-04-20 N/A
LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.
CVE-2017-12316 1 Cisco 1 Identity Services Engine Software 2025-04-20 N/A
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518.
CVE-2017-9314 1 Dahuasecurity 44 Nvr5208-4ks2, Nvr5208-4ks2 Firmware, Nvr5208-8p-4ks2 and 41 more 2025-04-20 N/A
Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.
CVE-2015-3442 1 Soreco 1 Xpert.line 2025-04-20 N/A
Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call.
CVE-2017-1000089 2 Jenkins, Redhat 2 Pipeline\, Openshift 2025-04-20 N/A
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.
CVE-2017-8151 1 Huawei 2 Honor 5s, Honor 5s Firmware 2025-04-20 N/A
Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have an authentication bypass vulnerability due to the improper design of some components. An attacker can get a user's smart phone and install malicious apps in the mobile phone, allowing the attacker to reset the password and fingerprint of the phone without authentication.
CVE-2017-15702 1 Apache 1 Qpid Broker-j 2025-04-20 9.8 Critical
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected.
CVE-2016-4484 1 Cryptsetup Project 1 Cryptsetup 2025-04-20 N/A
The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.
CVE-2017-2186 1 Kddi 2 Home Spot Cube 2, Home Spot Cube 2 Firmware 2025-04-20 N/A
HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.
CVE-2017-2101 1 Ipa 1 Appgoat 2025-04-20 N/A
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.
CVE-2017-14147 1 Fiberhome 2 Adsl An1020-25, Adsl An1020-25 Firmware 2025-04-20 N/A
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password.
CVE-2017-12698 1 Advantech 1 Webaccess 2025-04-20 N/A
An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution.