Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-01 | CVE-2018-6908 | Improper Authentication vulnerability in Rainmachine Mini-8 Firmware and Touch HD 12 Firmware. An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials. | 9.8 |
2018-11-01 | CVE-2018-6011 | Improper Authentication vulnerability in Rainmachine Mini-8 Firmware. The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. | 8.1 |
2018-11-01 | CVE-2018-18891 | Improper Authentication vulnerability in 1234N Minicms 1.10. MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. | 7.5 |
2018-10-30 | CVE-2018-16467 | Improper Authentication vulnerability in Nextcloud Server. A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares. | 5.3 |
2018-10-30 | CVE-2018-16465 | Improper Authentication vulnerability in Nextcloud Server. Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load. | 5.3 |
2018-10-30 | CVE-2018-16464 | Improper Authentication vulnerability in Nextcloud Server. A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password. | 5.7 |
2018-10-29 | CVE-2016-10732 | Improper Authentication vulnerability in Projectsend 582. ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php. | 9.8 |
2018-10-24 | CVE-2018-17923 | Improper Authentication vulnerability in Sagaradio Saga1-L8B Firmware. SAGA1-L8B devices with any firmware version prior to A0.10 are vulnerable to an attack in which an attacker with physical access to the product may be able to reprogram it. | 6.9 |
2018-10-24 | CVE-2018-15751 | Improper Authentication vulnerability in Saltstack Salt. SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to bypass authentication and execute arbitrary commands via salt-api (netapi). | 9.8 |
2018-10-24 | CVE-2018-18014 | Improper Authentication vulnerability in Citrix Xenmobile Server. Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. | 7.8 |