Search Results (4517 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-2689 1 Siemens 1 Ruggedcom Rox I 2025-04-20 N/A
Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings.
CVE-2017-17434 2 Debian, Samba 2 Debian Linux, Rsync 2025-04-20 N/A
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
CVE-2017-17430 1 Sangoma 2 Netborder\/vega Session, Netborder\/vega Session Firmware 2025-04-20 N/A
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.
CVE-2015-1778 1 Opendaylight 1 Opendaylight 2025-04-20 N/A
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
CVE-2017-2186 1 Kddi 2 Home Spot Cube 2, Home Spot Cube 2 Firmware 2025-04-20 N/A
HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.
CVE-2015-1401 1 Ldap \/ Sso Authentication Project 1 Ldap \/ Sso Authentication 2025-04-20 N/A
Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3.
CVE-2016-2102 1 Haproxy 1 Haproxy 2025-04-20 N/A
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.
CVE-2017-14337 1 Misp-project 1 Misp 2025-04-20 N/A
When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.
CVE-2012-0803 1 Apache 1 Cxf 2025-04-20 N/A
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
CVE-2016-9362 1 Wago 7 750-8202, 750-881, 750-xxxx Series Firmware and 4 more 2025-04-20 N/A
An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating.
CVE-2015-6237 1 Tripwire 1 Ip360 2025-04-20 N/A
The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."
CVE-2017-17777 1 Paid To Read Script Project 1 Paid To Read Script 2025-04-20 N/A
Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter.
CVE-2017-11645 1 Netcomm 2 4gt101w Bootloader, 4gt101w Software 2025-04-20 N/A
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html.
CVE-2017-1000154 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.
CVE-2015-7746 1 Netapp 1 Data Ontap 2025-04-20 N/A
NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.
CVE-2017-1000068 1 Betterment 1 Testtrack 2025-04-20 7.5 High
TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field.
CVE-2017-12213 1 Cisco 2 Catalyst 4000, Ios Xe 2025-04-20 N/A
A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751.
CVE-2016-8937 1 Ibm 1 Tivoli Storage Manager 2025-04-20 N/A
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.
CVE-2017-8403 1 360fly 2 4k Camera, 4k Camera Firmware 2025-04-20 N/A
360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program.
CVE-2017-4989 1 Emc 1 Avamar Server 2025-04-20 N/A
In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows.