An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.
An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result.
An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.
Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username.
Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1.
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.
RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value.
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method.
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php.
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module: All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module: All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module: All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module: All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80: All versions < 1.02.02. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations.
The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator.
Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled and the Login widget is not active.
Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.
MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary files via a direct request.
TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.
A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been classified as critical. This affects the function sub_497DE4 of the file /H5/netconfig.asp. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php, and (11) logo.php in admin/.
Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php.
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.
A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1.
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.
login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter.
An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication.
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.
admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie.
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Affected is the function toLogin of the file NoNeedLoginController.java of the component Admin Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values.
Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.
A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1), 4.8(1), 4.8(2), 4.9(1), 4.9(2).
Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php.
Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated.
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1.