Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-1391

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-30 Oct, 2019 | 20:36
Updated At-06 Aug, 2024 | 14:57
Rejected At-
Credits

Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:30 Oct, 2019 | 20:36
Updated At:06 Aug, 2024 | 14:57
Rejected At:
▼CVE Numbering Authority (CNA)

Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosure
x_refsource_MISC
http://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.html
x_refsource_MISC
https://www.securityfocus.com/bid/57579/info
vdb-entry
x_refsource_BID
Hyperlink: https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosure
Resource:
x_refsource_MISC
Hyperlink: http://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.html
Resource:
x_refsource_MISC
Hyperlink: https://www.securityfocus.com/bid/57579/info
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosure
x_refsource_MISC
x_transferred
http://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.html
x_refsource_MISC
x_transferred
https://www.securityfocus.com/bid/57579/info
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosure
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.securityfocus.com/bid/57579/info
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:30 Oct, 2019 | 21:15
Updated At:05 Nov, 2019 | 16:33

Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

huntcctv
huntcctv
>>dvr-04ch_firmware>>-
cpe:2.3:o:huntcctv:dvr-04ch_firmware:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dvr-04ch>>-
cpe:2.3:h:huntcctv:dvr-04ch:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dvr-04nc_firmware>>-
cpe:2.3:o:huntcctv:dvr-04nc_firmware:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dvr-04nc>>-
cpe:2.3:h:huntcctv:dvr-04nc:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dvr-08ch_firmware>>-
cpe:2.3:o:huntcctv:dvr-08ch_firmware:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dvr-08ch>>-
cpe:2.3:h:huntcctv:dvr-08ch:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dvr-08nc_firmware>>-
cpe:2.3:o:huntcctv:dvr-08nc_firmware:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dvr-08nc>>-
cpe:2.3:h:huntcctv:dvr-08nc:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dvr-16ch_firmware>>-
cpe:2.3:o:huntcctv:dvr-16ch_firmware:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dvr-16ch>>-
cpe:2.3:h:huntcctv:dvr-16ch:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dr6-704a4h_firmware>>-
cpe:2.3:o:huntcctv:dr6-704a4h_firmware:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dr6-704a4h>>-
cpe:2.3:h:huntcctv:dr6-704a4h:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dr6-708a4h_firmware>>-
cpe:2.3:o:huntcctv:dr6-708a4h_firmware:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dr6-708a4h>>-
cpe:2.3:h:huntcctv:dr6-708a4h:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dr6-7316a4h_firmware>>-
cpe:2.3:o:huntcctv:dr6-7316a4h_firmware:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dr6-7316a4h>>-
cpe:2.3:h:huntcctv:dr6-7316a4h:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dr6-7316a4hl_firmware>>-
cpe:2.3:o:huntcctv:dr6-7316a4hl_firmware:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>dr6-7316a4hl>>-
cpe:2.3:h:huntcctv:dr6-7316a4hl:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>hdr-04kd_firmware>>-
cpe:2.3:o:huntcctv:hdr-04kd_firmware:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>hdr-04kd>>-
cpe:2.3:h:huntcctv:hdr-04kd:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>hdr-08kd_firmware>>-
cpe:2.3:o:huntcctv:hdr-08kd_firmware:-:*:*:*:*:*:*:*
huntcctv
huntcctv
>>hdr-08kd>>-
cpe:2.3:h:huntcctv:hdr-08kd:-:*:*:*:*:*:*:*
capturecctv
capturecctv
>>cdr_0410ve_firmware>>-
cpe:2.3:o:capturecctv:cdr_0410ve_firmware:-:*:*:*:*:*:*:*
capturecctv
capturecctv
>>cdr_0410ve>>-
cpe:2.3:h:capturecctv:cdr_0410ve:-:*:*:*:*:*:*:*
capturecctv
capturecctv
>>cdr_0820vde_firmware>>-
cpe:2.3:o:capturecctv:cdr_0820vde_firmware:-:*:*:*:*:*:*:*
capturecctv
capturecctv
>>cdr_0820vde>>-
cpe:2.3:h:capturecctv:cdr_0820vde:-:*:*:*:*:*:*:*
hachi
hachi
>>hv-04rd_pro_firmware>>-
cpe:2.3:o:hachi:hv-04rd_pro_firmware:-:*:*:*:*:*:*:*
hachi
hachi
>>hv-04rd_pro>>-
cpe:2.3:h:hachi:hv-04rd_pro:-:*:*:*:*:*:*:*
hachi
hachi
>>hv-08rd_pro_firmware>>-
cpe:2.3:o:hachi:hv-08rd_pro_firmware:-:*:*:*:*:*:*:*
hachi
hachi
>>hv-08rd_pro>>-
cpe:2.3:h:hachi:hv-08rd_pro:-:*:*:*:*:*:*:*
novuscctv
novuscctv
>>nv-dvr1204_firmware>>-
cpe:2.3:o:novuscctv:nv-dvr1204_firmware:-:*:*:*:*:*:*:*
novuscctv
novuscctv
>>nv-dvr1204>>-
cpe:2.3:h:novuscctv:nv-dvr1204:-:*:*:*:*:*:*:*
novuscctv
novuscctv
>>nv-dvr1208_firmware>>-
cpe:2.3:o:novuscctv:nv-dvr1208_firmware:-:*:*:*:*:*:*:*
novuscctv
novuscctv
>>nv-dvr1208>>-
cpe:2.3:h:novuscctv:nv-dvr1208:-:*:*:*:*:*:*:*
novuscctv
novuscctv
>>nv-dvr1216_firmware>>-
cpe:2.3:o:novuscctv:nv-dvr1216_firmware:-:*:*:*:*:*:*:*
novuscctv
novuscctv
>>nv-dvr1216>>-
cpe:2.3:h:novuscctv:nv-dvr1216:-:*:*:*:*:*:*:*
vsp
vsp
>>tw-dvr604_firmware>>-
cpe:2.3:o:vsp:tw-dvr604_firmware:-:*:*:*:*:*:*:*
vsp
vsp
>>tw-dvr604>>-
cpe:2.3:h:vsp:tw-dvr604:-:*:*:*:*:*:*:*
vsp
vsp
>>tw-dvr616_firmware>>-
cpe:2.3:o:vsp:tw-dvr616_firmware:-:*:*:*:*:*:*:*
vsp
vsp
>>tw-dvr616>>-
cpe:2.3:h:vsp:tw-dvr616:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.htmlcve@mitre.org
Exploit
Third Party Advisory
https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosurecve@mitre.org
Third Party Advisory
https://www.securityfocus.com/bid/57579/infocve@mitre.org
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitybydefault.com/2013/01/12000-grabadores-de-video-expuestos-en.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.rapid7.com/db/modules/auxiliary/scanner/misc/dvr_config_disclosure
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.securityfocus.com/bid/57579/info
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

359Records found

CVE-2019-20360
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.55% / 80.72%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 05:03
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data.

Action-Not Available
Vendor-n/aGiveWP
Product-givewpn/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-0796
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.47%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 16:35
Updated-05 Aug, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a target site from behind vulnerable website or to perform otherwise restricted actions and subsequently download files with the extension mp3, mp4a, wav and ogg from anywhere the web server application has read access to the system. WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files version 1.7.6 is vulnerable; prior versions may also be affected.

Action-Not Available
Vendor-mb.miniaudioplayer_projectn/a
Product-mb.miniaudioplayerWordPress Plugin mb.miniAudioPlayer-an
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2019-20833
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 1.33%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:49
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-0883
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 36.96%
||
7 Day CHG~0.00%
Published-18 Sep, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-operations_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-20412
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 66.30%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 05:50
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_software_data_centerjira_data_centerjiraJira Server
CWE ID-CWE-287
Improper Authentication
CVE-2025-8546
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 13.64%
||
7 Day CHG~0.00%
Published-05 Aug, 2025 | 05:02
Updated-05 Aug, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
atjiu pybbs Verification Code login Captcha

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-atjiu
Product-pybbs
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-804
Guessable CAPTCHA
CVE-2008-7008
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.91% / 91.02%
||
7 Day CHG~0.00%
Published-19 Aug, 2009 | 10:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db.

Action-Not Available
Vendor-hyperstopn/a
Product-web_host_directoryn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0124
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.13% / 33.31%
||
7 Day CHG~0.00%
Published-15 Jan, 2009 | 17:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

Action-Not Available
Vendor-arrln/a
Product-tqsllibn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0128
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-15 Jan, 2009 | 17:00
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

Action-Not Available
Vendor-llnln/a
Product-slurmn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-7006
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.11% / 88.15%
||
7 Day CHG~0.00%
Published-19 Aug, 2009 | 10:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.

Action-Not Available
Vendor-phpversionn/a
Product-php_vx_guestbookn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0130
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.76%
||
7 Day CHG~0.00%
Published-15 Jan, 2009 | 17:00
Updated-21 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid.

Action-Not Available
Vendor-erlangn/a
Product-erlangn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0046
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.09% / 25.97%
||
7 Day CHG~0.00%
Published-07 Jan, 2009 | 18:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-grid_enginen/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-16668
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-46.96% / 97.59%
||
7 Day CHG~0.00%
Published-18 Sep, 2018 | 20:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.

Action-Not Available
Vendor-circontroln/a
Product-circarlife_scadan/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6440
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.16%
||
7 Day CHG~0.00%
Published-06 Mar, 2009 | 18:00
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.

Action-Not Available
Vendor-cerberuswebgroupmedian/a
Product-cerberus_helpdeskn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-1668
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.68%
||
7 Day CHG~0.00%
Published-29 Jan, 2019 | 16:00
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CWE ID-CWE-287
Improper Authentication
CVE-2022-26508
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.97%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_debug_and_provisioning_toolIntel(R) SDP Tool
CWE ID-CWE-287
Improper Authentication
CVE-2008-6815
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.10% / 83.37%
||
7 Day CHG~0.00%
Published-28 May, 2009 | 14:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.

Action-Not Available
Vendor-myktoolsn/a
Product-myktoolsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-25466
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.21%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 18:05
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-internetSamsung Internet
CWE ID-CWE-287
Improper Authentication
CVE-2019-18287
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.12%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-18284
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.24%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-16286
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.13%
||
7 Day CHG~0.00%
Published-14 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.

Action-Not Available
Vendor-n/aLG Electronics Inc.
Product-supersign_cmsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-18312
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.12%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-287
Improper Authentication
CVE-2019-18286
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.12%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-15598
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.20%
||
7 Day CHG~0.00%
Published-21 Aug, 2018 | 01:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.

Action-Not Available
Vendor-traefikn/a
Product-traefikn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-14782
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.66%
||
7 Day CHG~0.00%
Published-10 Aug, 2018 | 19:00
Updated-16 Sep, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user.

Action-Not Available
Vendor-netcommwirelessICS-CERT
Product-nwl-25nwl-25_firmwareNetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior.
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2008-5721
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.35% / 56.80%
||
7 Day CHG~0.00%
Published-26 Dec, 2008 | 17:08
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-sapporoworksn/a
Product-blackjumbodogn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-25368
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.14% / 34.26%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 16:15
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-cloudSamsung Cloud
CWE ID-CWE-287
Improper Authentication
CVE-2019-1666
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.59% / 80.90%
||
7 Day CHG~0.00%
Published-21 Feb, 2019 | 19:00
Updated-19 Nov, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability

A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hyperflex_hx_data_platformCisco HyperFlex HX-Series
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2018-13990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-1.28% / 78.76%
||
7 Day CHG~0.00%
Published-06 May, 2019 | 18:47
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.

Action-Not Available
Vendor-n/aPhoenix Contact GmbH & Co. KG
Product-fl_switch_4808e-16fx_sm-4gcfl_switch_3004t-fx_st_firmwarefl_switch_4808e-16fx_lc-4gcfl_switch_3006t-2fx_sm_firmwarefl_switch_4008t-2gt-4fx_smfl_switch_3016_firmwarefl_switch_3016tfl_switch_4008t-2gt-3fx_sm_firmwarefl_switch_4808e-16fx_sm_st-4gcfl_switch_3004t-fx_stfl_switch_3016fl_switch_4808e-16fx-4gc_firmwarefl_switch_3005tfl_switch_4808e-16fx-4gcfl_switch_4012t-2gt-2fx_stfl_switch_3012e-2sfx_firmwarefl_switch_3004t-fxfl_switch_4824e-4gcfl_switch_3005t_firmwarefl_switch_3008t_firmwarefl_switch_4824e-4gc_firmwarefl_switch_4808e-16fx_st-4gc_firmwarefl_switch_4008t-2sfpfl_switch_3008fl_switch_4012t_2gt_2fxfl_switch_3012e-2fx_sm_firmwarefl_switch_3004t-fx_firmwarefl_switch_3006t-2fx_stfl_switch_4808e-16fx_sm_lc-4gc_firmwarefl_switch_3006t-2fx_st_firmwarefl_switch_3006t-2fx_firmwarefl_switch_4008t-2gt-3fx_smfl_switch_4800e-24fx_sm-4gcfl_switch_4800e-24fx_sm-4gc_firmwarefl_switch_4808e-16fx_sm_st-4gc_firmwarefl_switch_4008t-2gt-4fx_sm_firmwarefl_switch_4012t_2gt_2fx_firmwarefl_switch_4808e-16fx_lc-4gc_firmwarefl_switch_3016t_firmwarefl_switch_3016efl_switch_3006t-2fxfl_switch_3008_firmwarefl_switch_3012e-2sfxfl_switch_4000t-8poe-2sfp-rfl_switch_4008t-2sfp_firmwarefl_switch_4012t-2gt-2fx_st_firmwarefl_switch_3005fl_switch_4808e-16fx_st-4gcfl_switch_4808e-16fx_sm_lc-4gcfl_switch_4800e-24fx-4gcfl_switch_4808e-16fx_sm-4gc_firmwarefl_switch_4000t-8poe-2sfp-r_firmwarefl_switch_3016e_firmwarefl_switch_3008tfl_switch_3006t-2fx_smfl_switch_4800e-24fx-4gc_firmwarefl_switch_3012e-2fx_smfl_switch_3005_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-24881
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.79%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 14:31
Updated-02 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access

The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request.

Action-Not Available
Vendor-passster_projectUnknown
Product-passterPassster
CWE ID-CWE-287
Improper Authentication
CVE-2019-16649
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.10% / 28.50%
||
7 Day CHG-0.04%
Published-21 Sep, 2019 | 01:54
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.

Action-Not Available
Vendor-supermicron/a
Product-x10sra-fx10qrh\+x9drw-c\(t\)f31_firmwarex9srh-7\(t\)f_firmwareb10drt-ibf_firmwarex11sdd-18c-fa1sai-2550fx9drff-7\/i\(t\)g\+_firmwarex10drt-p_firmwarex10qblx11spw-ctfx10drt-hibfb2ss1-mtfx9srw-f_firmwarex10drh-i_firmwarex9da7\/e_firmwarex10sll\+-fx10dri-t_firmwarex10drt-pibq_firmwareb9drpx9drd-it\+_firmwareb2ss1-cf_firmwarem11sdv-8c-ln4f_firmwarex10sdv-4c\+-tln4f_firmwareb9drix11dpi-n_firmwarex10drt-px10drd-intp_firmwarex11opi-cpux9sci-ln4\(f\)_firmwarex11dpu-x_firmwarex11sca-wx10drsx10drg-ht_firmwarex10srg-fx10drg-h_firmwarex10drd-intx11qph\+_firmwareb10dri-nx10srh-cf_firmwarex10drw-i_firmwarex10srax10drt-pibf_firmwarex9drw-3ln4f\+\/3tf\+_firmwarex10drt-b\+_firmwarex10sra_firmwarex11sds-12cx10sae_firmwarex10qbl-ctx10qbl-4ct_firmwareb10drc_firmwarex11sse-fx11spm-fx10drh-it_firmwarex9drh-7\/i\(t\)f_firmwarex10qbl-ct_firmwarex10dsc\+x9dbl-3\/i\(f\)x11sph-nctfx9dr7\/e-ln4fx10sdv-7tp8fx9drff-7\/i\(t\)\+x9drl-3\/if_firmwarex9dr7\/e-tf\+b2ss2-mtfx11scm-ln8f_firmwarex11sse-f_firmwareb11dpe_firmwarex10drd-lx10sdv-f_firmwareb2ss2-h-mtfb11qpix10drff-ctgb10drg-ibf2_firmwarex10drd-l_firmwarex11ddw-nt_firmwarex11dpt-bhx10sdv-8c\+-ln2f_firmwarex11dsn-ts_firmwarem11sdv-8c\+-ln4fx11dpi-ntx11dpub1sd2-tf_firmwarex10drg-ot\+-cpu_firmwareb10drt-tp_firmwarex9drd-c\(n\)t\+_firmwareb9drtx10drt-pibqb9drg-ex10drc-t4\+_firmwarex11dpi-nt_firmwarex11ssw-4tf_firmwarex9drw-3\/ifx11sds-16c_firmwarex10drff-igx9scd_seriesx10sdv-tln4f_firmwarex9qr7-tf\+x11dpfr-sx9scl\+-fx10dri-t4\+_firmwarea1srm-2758f_firmwarex9drt-h_series_firmwarex10dru-xllx10srm-tfx10sle-dfb11spe-cpu-tf_firmwarex11ssl-nfa1srm-ln7f-2358x10drh-c_firmwarex11sph-nctf_firmwarex10drd-itx10sdv-fa1sai-2750f_firmwarex9scm\(-f\)_firmwarex10dru-xll_firmwarex11spi-tf_firmwarex9drt-hf\+x10drt-b\+x11dsn-tsqx10drw-ntx10sdv-8c-tln4f_firmwarex11dpt-psx11dpu-xll_firmwareb9drg-e_firmwarex11sch-ln4f_firmwarex9scl\(-f\)x11dph-i_firmwarex10srd-fa1srm-ln7f-2758b11spe-cpu-25g_firmwarex11ssmx11dgo-t_firmwarex11dpu-xa1srm-2758fx10drfr-ta1sri-2358f_firmwarex10drt-h_firmwarex10drc-ln4\+x9drg-qfx10slh-f_firmwarex10dsc\+_firmwarea1srm-ln7f-2358_firmwarex9sca\(-f\)x11sds-8c_firmwarex11dai-na1sai-2550f_firmwareb1sd2-16c-tfx11sri-if_firmwarex11scl-ifx10sll-sf_firmwarex11sdd-8c-fb2ss1-cpux11srm-vf_firmwarex10drt-hibf_firmwarex10drl-ct_firmwarem11sdv-4ct-ln4fx9drt-p_series_firmwarea1sa2-2750f_firmwarex9dr3\/i-ln4f\+_firmwarex9drd-7ln4f_series_firmwarex10drd-ltp_firmwarex9drw-7\/itpf\+x11spg-tf_firmwarex11ssh-ln4f_firmwarex11dpu-xllx10drff-cx9drh-if-nvx10dru-i\+x10drx_firmwarex10qbl-4x11ssw-tfx11dpff-sn_firmwarex9dr3\/i-fx10drh-cln4x9drt-p_seriesx11sdd-18c-f_firmwarex10srw-fx10drh-ctx9sae\(-v\)_firmwarex11dpl-i_firmwarex11opi-cpu_firmwarex10drh-itx10drfr_firmwareb11spe-cpu-tfx10sld-f_firmwarea1sri-2758f_firmwarex10drc-t4\+x10sde-dfx9srd-fx10drl-cx9drfrx11ssw-4tfx9drd-efx11sch-f_firmwarex9drl-7\/ef_firmwarex9daix9drw-7\/itpfm11sdv-8ct-ln4fx10sle-f_firmwarex10drff-cgx11srm-fb11dpex10srg-f_firmwarex10dri_firmwarex9sae\(-v\)x10srh-cfx11spm-tpfx10slm\+-ln4f_firmwarex9da7\/ex10drl-ln4_firmwarex10drw-nx11dsf-e_firmwarex11ssw-fm11sdv-8c-ln4fx11sca-f_firmwarex10sdd-f_firmwarex11scw-f_firmwareb10drg-ibf2x10sdv-8c\+-ln2fx10sdv-6c\+-tln4fx9srl\(-f\)_firmwarex9drt-hf\+_firmwarex11sch-ln4fx9drh-if-nv_firmwarex11ssh-ctfx10sdv-16c-tln4f\+x9dr7-jln4fx10drw-etx11dac_firmwarex9drg-h\(t\)f\+ii_firmwarex11ssh-gf-1585lb2ss1-mtf_firmwarex11scl-ln4fx11dpt-lx11dpff-snx10sdv-6c-tln4fx11ssl-cf_firmwarex10drt-libfx11spa-tf_firmwarex11ssl-cfx10drl-i_firmwarex10drt-psx11dgq_firmwarex11spw-ctf_firmwarex9drff-7\/i\(t\)\+_firmwarex9scl\+-f_firmwareb9drg_firmwareb10drt_firmwarex9drg-h\(t\)f_firmwarex11dsf-ex11scl-f_firmwarea1sam-2550fx9drfr_firmwarex9qri-fx10drg-ot\+-cpux9sre\/i_seriesx11dph-tqx10slm\+-ln4fx10drd-it_firmwarex10drg-q_firmwarem11sdv-4c-ln4f_firmwarea1sri-2558fx10srd-f_firmwarex10sll-sx10sdv-4c\+-tp4fx10sle-hfx10drg-o\+-cpua1sam-2750f_firmwarex10sl7-f_firmwarex11ssd-fx10drfr-ntx11spw-tf_firmwarex11dsc\+a1sa2-2750fb10drg-tpx9qri-f\+x10dgq_firmwarex9qr7-tfx9dax-7\/i\(t\)f_firmwarex10dgo-tx11dpu-vx10drh-cln4_firmwarex11dpi-nx10sdv-2c-7tp4fx10sdv-8c-tln4fb9drt_firmwarex10dri-ln4\+x10dri-tb10drix9drt_series_firmwarex11ssl-fx11dpfr-s_firmwarex10qbl-4_firmwarex10sdv-2c-tp8f_firmwarex10drd-itp_firmwarex10drl-ix10qbi_firmwarex10sle-hf_firmwarex11ssm_firmwareb11qpi_firmwarex11spa-tfx9db3\/i-\(tp\)fx9dax-7\/if-hft_firmwareb2ss1-f_firmwarex10sdv-4c-7tp4fx10sdv-16c-tln4f_firmwarex9dai_firmwarex9drff\(-7\)x11scm-ln8fx10slx-fx10drh-ct_firmwarex10drt-pibfx10slm-f_firmwarex9srh-7\(t\)fx11spw-tfx11ssw-tf_firmwarex10drg-hx9drff\(-7\)_firmwarex10drd-intpx11sri-ifx11srm-f_firmwarex9sre\/i_series_firmwarex11ddw-ntb2ss2-fx11ssh-gf-1585_firmwareb9dr7x11dpt-bh_firmwarex11dpx-tx11dpl-ix11dpt-l_firmwarex10sdv-tp8f_firmwarex11ssh-gtf-1585_firmwareb2ss1-fb9dri_firmwareb9drp_firmwarex10drd-int_firmwarex10sdv-8c-tln4f\+_firmwarea1sri-2558f_firmwarex9dax-7\/i\(t\)fx11scl-if_firmwarex10drg-o\+-cpu_firmwarex9drd-l\/if_firmwarex11dph-t_firmwarex11scm-fx9drg-h\(t\)f\+_firmwareb11spe-cpu-25gx10sdv-4c\+-tln4fx11dpg-ot-cpu_firmwarex10sdv-16c\+-tln4f_firmwarex10sdv-4c-tln2fx11ssh-gtf-1585l_firmwarex11scd-fx11ssl-nf_firmwarex10drw-n_firmwarex11scax11scd-f_firmwarex10saex10drw-et_firmwarex11sds-12c_firmwarex11srl-fx10drt-ptx11scl-ln4f_firmwarex10sri-f_firmwarex11dph-tx10drt-pt_firmwarex11dpu-ze\+_firmwarex10sle-fx10drfr-nt_firmwarex9srg-f_firmwarex10sll-fb1sd1-tf_firmwarex9sra_firmwarex10srh-cln4f_firmwarex10drw-ex10sld-hf_firmwarex10qbix10srw-f_firmwarex10drix10sdv-2c-tp4fx10sdv-12c-tln4f\+_firmwarex11ssh-gtf-1585x10srh-cln4fx11dacb2ss1-cpu_firmwareb1sd1-16c-tf_firmwarea1srm-2558f_firmwareb10drt-ibf2_firmwareb10drg-ibfx9drx\+-f_firmwarex11dpu-z\+x10srl-fx10dri-t4\+x10sdd-16c-fx10drff-itg_firmwarex10drw-nt_firmwarex10sdv-4c-tln4fx9qri-f\+_firmwarex9drh-7\/i\(t\)fx11ssh-tf_firmwarex9drw-3ln4f\+\/3tf\+x9dr3\/i-ln4f\+x10dru-i\+_firmwareb10drcx11sds-16ca1sam-2550f_firmwarex11dpt-ps_firmwarex10sle-df_firmwarex10drt-hx11dai-n_firmwareb10dri_firmwarex9drw-7\/itpf_firmwarex11ddw-lx10obi-cpu_firmwareb2ss1-cfx11dgqx11ssi-ln4f_firmwarex10sdv-7tp4f_firmwarex10drff-itgx10drw-e_firmwarex11dps-re_firmwarex10drff_firmwarex9scd_series_firmwarex10dsn-ts_firmwareb2ss1-h-mtf_firmwarex10drl-ln4x11dsn-tsq_firmwarex10drd-ix9dbu-3\/ifx11dph-ix10sll-s_firmwarex10srm-tf_firmwarex11dpt-bx9scm\(-f\)x11dpu_firmwarex11spg-tfx10slx-f_firmwarex11spm-tfx10slm\+-f_firmwarex9srg-fx10drxx10drw-ix9dbl-3\/i\(f\)_firmwarex10sat_firmwarex10drt-lx10sdv-8c-tln4f\+x10drh-ix11sch-fx10sla-fx10drffx10sri-fx10ddw-i_firmwarex11ssh-f_firmwarex10sla-f_firmwarex9drd-7ln4f_seriesx10sdv-7tp8f_firmwarex11srm-vfx10drd-ltx10dgo-t_firmwarex9drff-7\/i\(t\)g\+x10sdv-12c-tln4f_firmwareb10drt-ibf2x10drfr-n_firmwareb10drt-tpx10sdv-6c\+-tln4f_firmwarex10sdv-2c-7tp4f_firmwarex10drff-ig_firmwarex9scl\(-f\)_firmwareb10drc-n_firmwarex9drw-c\(t\)f31x11ssl_firmwarex11dpg-ot-cpux10drfr-nx10sdv-2c-tp4f_firmwarex10drg-qx10sdv-12c\+-tln4f_firmwareb10dri-n_firmwarex11srl-f_firmwarex9drt_seriesx10drfr-t_firmwarex10sdv-2c-tln2f_firmwarem11sdv-8c\+-ln4f_firmwarex10sra-f_firmwarex11scm-f_firmwarex10sdv-12c-tln4f\+x10slm\+-fx11spa-t_firmwarex11ssm-f_firmwarex10drl-c_firmwarex10dru-x_firmwareb10drg-tp_firmwarea1sam-2750fx11dpfr-snx10sll\+-f_firmwarex11ssh-fx10sdv-16c-tln4fx10drw-itx9dr3\/i-f_firmwarex10drc-ln4\+_firmwarex11sds-8cx10dri-ln4\+_firmwarex11sslx10sll-f_firmwarex9srax10drs_firmwarex11ssh-tfx9drd-it\+x9srd-f_firmwarex11dpu-z\+_firmwareb1sd2-16c-tf_firmwarex10sdv-12c-tln4fb9drgx10dru-xx10srm-f_firmwarex11dpg-qtx10sdv-2c-tln2fx10sdv-4c-tln4f_firmwarex10slh-fx10drh-iln4x11sca_firmwareb9qr7\(-tp\)x10obi-cpux10drw-it_firmwarex11spm-f_firmwarex10drh-ca1sri-2358fx10sdv-16c\+-tln4fm11sdv-4ct-ln4f_firmwarex9drg-qf_firmwarex11scw-fb10drg-ibf_firmwareb2ss2-mtf_firmwareb9drg-3mx10drl-itx10drd-lt_firmwarex11dpu-ze\+x11dph-tq_firmwarex10drff-cg_firmwarex10ddw-ix9srw-fx9sca\(-f\)_firmwarex11qph\+x9drw-7\/itpf\+_firmwareb9qr7\(-tp\)_firmwarex11spa-tx11dgo-tx11dpx-t_firmwarex9drw-3\/if_firmwarex10drd-i_firmwarex9dal-3\/ix9dbs-f\(-2u\)_firmwarex10sdv-4c-tln2f_firmwarex11dsc\+_firmwarex10drd-ltpx9drg-h\(t\)fx9drl-3\/ifx9drg-o\(t\)f-cpux11spm-tpf_firmwarex10drff-ctg_firmwarex10dgqx10sdd-fx11sca-w_firmwarex11spl-fx10ddw-inx11spm-tf_firmwarex11dpg-qt_firmwarem11sdv-4c-ln4fx11ddw-l_firmwarex11dpfr-sn_firmwarex9dr7\/e-ln4f_firmwarex11sdd-8c-f_firmwarex10qrh\+_firmwarex9qr7-tf\+_firmwarex10sld-hfb2ss2-f_firmwareb10drtx10drt-libf_firmwarex10sdv-7tp4fx10drt-ps_firmwarex10sl7-fb2ss1-h-mtfb11dpt_firmwarex10srl-f_firmwarex11ssm-fx9drd-c\(n\)t\+x10sdv-tln4fx10drl-it_firmwarex11spl-f_firmwarex9drl-7\/efx9dr7\/e-tf\+_firmwarex11dps-rea1srm-2558fx11scl-fx10drd-itpx10sdv-4c\+-tp4f_firmwarex11ssh-ctf_firmwarex10drt-libqx9drg-h\(t\)f\+iix10ddw-in_firmwarex11ssi-ln4fx10srm-fx11dsn-tsa1srm-ln7f-2758_firmwarex10drg-htx9db3\/i-\(tp\)f_firmwarex9dr7-jln4f_firmwarex10drt-libq_firmwarex10sdv-tp8fx9qr7-tf_firmwarex11ssd-f_firmwareb10drt-ibfx11ssl-f_firmwarex9drg-o\(t\)f-cpu_firmwareb1sd1-tfx9dbs-f\(-2u\)x10sdv-16c-tln4f\+_firmwarex9dax-7\/if-hftx10sdv-6c-tln4f_firmwarex9drg-h\(t\)f\+x9drx\+-fx10drt-l_firmwarex9dal-3\/i_firmwarex11dpg-snx11ssh-gf-1585x10drh-iln4_firmwareb1sd2-tfx9dbu-3\/if_firmwarea1srm-ln5f-2358_firmwareb10drc-nx11ssw-f_firmwarex9srl\(-f\)x11sph-nctpf_firmwarex10drff-c_firmwarex10sdv-12c\+-tln4fb2ss2-h-mtf_firmwarex10drfrx9qri-f_firmwarex10dbt-t_firmwarex10dbt-tx11dpt-b_firmwarem11sdv-8ct-ln4f_firmwarex11ssh-ln4fb11dptx10dsn-tsx11sca-fx11spi-tfx10sde-df_firmwarex10satx11dpg-sn_firmwarex10sll-sfa1srm-ln5f-2358x9drt-h_seriesb9dr7_firmwarex10sdv-2c-tp8fb1sd1-16c-tfx10slm-fx10sld-fx11sph-nctpfx11ssh-gtf-1585lx10sdd-16c-f_firmwarex9drd-l\/ifx9sci-ln4\(f\)x9drd-ef_firmwarex10sdv-4c-7tp4f_firmwareb9drg-3m_firmwarex10drl-ctx11ssh-gf-1585l_firmwarex11dpu-v_firmwarex10qbl_firmwarea1sai-2750fa1sri-2758fx10qbl-4ctn/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2015-6266
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.74%
||
7 Day CHG~0.00%
Published-28 Aug, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-identity_services_engine_softwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-13789
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.34%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 21:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers.

Action-Not Available
Vendor-descorn/a
Product-infocad_fmn/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-522
Insufficiently Protected Credentials
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2008-5692
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.24% / 78.45%
||
7 Day CHG~0.00%
Published-19 Dec, 2008 | 18:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.

Action-Not Available
Vendor-n/aIpswitch, Inc.
Product-ws_ftpn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-15046
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.35% / 89.70%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 14:51
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_servicedesk_plusn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-14080
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.38%
||
7 Day CHG~0.00%
Published-09 Oct, 2018 | 15:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-809_a1_firmwaredir-809_guestzone_firmwaredir-809dir-809_a2_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-12564
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.73%
||
7 Day CHG~0.00%
Published-02 Jun, 2019 | 23:07
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames.

Action-Not Available
Vendor-doucon/a
Product-douphpn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-11765
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.15% / 77.61%
||
7 Day CHG~0.00%
Published-30 Sep, 2020 | 17:02
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-hadoopApache Hadoop
CWE ID-CWE-287
Improper Authentication
CVE-2019-12300
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.20%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 14:18
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.

Action-Not Available
Vendor-buildbotn/a
Product-buildbotn/a
CWE ID-CWE-287
Improper Authentication
CVE-2015-4453
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-40.87% / 97.28%
||
7 Day CHG~0.00%
Published-05 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.

Action-Not Available
Vendor-n/aOpenEMR Foundation, Inc
Product-openemrn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-11733
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.29%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 17:22
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxfirefox_esrFirefoxFirefox ESR
CWE ID-CWE-287
Improper Authentication
CVE-2019-11018
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.60%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 20:37
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change.

Action-Not Available
Vendor-thinkadminn/a
Product-thinkadminn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-11064
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 60.02%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 00:19
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A vulnerability of remote credential disclosure was discovered in Advan VD-1

A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.

Action-Not Available
Vendor-geovisionandrovideoAndroVideo
Product-gv-vd8700gv-vd8700_firmwarevd_1vd_1_firmwaregv-vr360gv-vr360_firmwareAdvan VD-1 firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2018-10544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.74% / 71.94%
||
7 Day CHG~0.00%
Published-02 May, 2018 | 07:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface.

Action-Not Available
Vendor-merossn/a
Product-mss110mss110_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-0318
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.49% / 84.71%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 12:00
Updated-29 Nov, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploit this vulnerability by submitting a password reset request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07245.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_collaborationprime_collaboration_provisioningCisco Prime Collaboration Provisioning unknown
CWE ID-CWE-255
Not Available
CWE ID-CWE-287
Improper Authentication
CVE-2018-0319
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.49% / 84.71%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 12:00
Updated-29 Nov, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could exploit this vulnerability by submitting a password recovery request and changing the password for any user on an affected system. An exploit could allow the attacker to gain administrative-level privileges on the affected system. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd07253.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_collaborationprime_collaboration_provisioningCisco Prime Collaboration Provisioning unknown
CWE ID-CWE-255
Not Available
CWE ID-CWE-287
Improper Authentication
CVE-2018-7227
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.38%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 23:00
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker.

Action-Not Available
Vendor-
Product-imp519-1er_firmwareibp319-1erimp319-1erimps110-1eibp519-1er_firmwareimp1110-1er_firmwareimps110-1eribp1110-1erimp519-1_firmwareimp519-1ibps110-1er_firmwareimp219-1_firmwareimp319-1_firmwareimps110-1er_firmwareimp219-1erimp319-1mps110-1ibp319-1er_firmwareimp319-1er_firmwareimps110-1e_firmwareimp219-1e_firmwareimp219-1eibp219-1erimp1110-1e_firmwareimp1110-1_firmwareimp519-1eimp319-1e_firmwareimp1110-1erimp219-1ibp219-1er_firmwareimp519-1erimp1110-1eimp319-1eibp1110-1er_firmwareibps110-1erimp219-1er_firmwareimp519-1e_firmwareimp1110-1ibp519-1ermps110-1_firmwarePelco Sarix Professional
CWE ID-CWE-287
Improper Authentication
CVE-2008-3503
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.44% / 62.17%
||
7 Day CHG~0.00%
Published-06 Aug, 2008 | 18:00
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).

Action-Not Available
Vendor-webguin/a
Product-plain_black_webguin/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-22473
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:22
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-287
Improper Authentication
CVE-2025-7875
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.22% / 45.07%
||
7 Day CHG+0.13%
Published-20 Jul, 2025 | 07:14
Updated-27 Aug, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Metasoft 美特软件 MetaCRM debug.jsp improper authentication

A vulnerability classified as critical has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-metasoftMetasoft 美特软件
Product-metacrmMetaCRM
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found