Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-07 | CVE-2018-19076 | Improper Authentication vulnerability in multiple products. An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. | 9.8 |
2018-11-02 | CVE-2018-17918 | Improper Authentication vulnerability in Circontrol Circarlife Firmware 4.3. In Circontrol CirCarLife, all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. | 9.8 |
2018-11-01 | CVE-2018-6908 | Improper Authentication vulnerability in Rainmachine Mini-8 Firmware and Touch HD 12 Firmware. An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials. | 9.8 |
2018-11-01 | CVE-2018-6011 | Improper Authentication vulnerability in Rainmachine Mini-8 Firmware. The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. | 8.1 |
2018-11-01 | CVE-2018-18891 | Improper Authentication vulnerability in 1234N Minicms 1.10. MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. | 7.5 |
2018-10-30 | CVE-2018-16467 | Improper Authentication vulnerability in Nextcloud Server. A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares. | 5.3 |
2018-10-30 | CVE-2018-16465 | Improper Authentication vulnerability in Nextcloud Server. Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load. | 5.3 |
2018-10-30 | CVE-2018-16464 | Improper Authentication vulnerability in Nextcloud Server. A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password. | 5.7 |
2018-10-29 | CVE-2016-10732 | Improper Authentication vulnerability in Projectsend 582. ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php. | 9.8 |
2018-10-24 | CVE-2018-17923 | Improper Authentication vulnerability in Sagaradio Saga1-L8B Firmware. SAGA1-L8B devices with any firmware version prior to A0.10 are vulnerable to an attack in which an attacker with physical access to the product may be able to reprogram it. | 6.9 |