Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-05-31 CVE-2018-11579 Improper Authentication vulnerability in Multidots Woocommerce Category Banner Management 1.1.0
class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage.
Vendor: multidots; CWE-287; Risk: network, low complexity, 5.3
2018-05-30 CVE-2018-11478 Improper Authentication vulnerability in Vgate Icar 2 Wi-Fi Obd2 Firmware
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices.
Vendor: vgate; CWE-287; Risk: low complexity, 8.8
2018-05-29 CVE-2016-10525 Improper Authentication vulnerability in Dwyl Hapi-Auth-Jwt2
When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.
Vendor: dwyl; CWE-287; Risk: network, low complexity, critical, 9.8
2018-05-29 CVE-2014-10067 Improper Authentication vulnerability in Paypal-Ipn Project Paypal-Ipn
paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox.
Vendor: paypal-ipn-project; CWE-287; Risk: network, high complexity, 5.9
2018-05-25 CVE-2018-8862 Improper Authentication vulnerability in Atisystem products
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
Vendor: atisystem; CWE-287; Risk: high complexity, 3.1
2018-05-24 CVE-2017-9421 Improper Authentication vulnerability in Accellion Kiteworks
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
Vendor: accellion; CWE-287; Risk: network, low complexity, 6.5
2018-05-23 CVE-2018-8898 Improper Authentication vulnerability in Dlink Dsl-3782 Firmware 3.10.0.24
A flaw in the authentication mechanism in the Login Panel of the D-Link DSL-3782 router (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) of passwords and configurations while an administrator is logged into the web panel.
Vendor: dlink; CWE-287; Risk: network, low complexity, critical, 9.8
2018-05-17 CVE-2018-0271 Improper Authentication vulnerability in Cisco Digital Network Architecture Center 1.1/1.1.1
A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services.
Vendor: cisco; CWE-287; Risk: network, low complexity, critical, 9.8
2018-05-15 CVE-2017-2604 Improper Authentication vulnerability in Jenkins
In Jenkins before versions 2.44 and 2.32.2, low-privilege users were able to act on administrative monitors because the monitors were not consistently protected by permission checks (SECURITY-371).
Vendor: jenkins; CWE-287; Risk: network, low complexity, 4.3
2018-05-11 CVE-2018-6617 Improper Authentication vulnerability in Ehcp Easy Hosting Control Panel 0.37.12.B
Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.
Vendor: ehcp; CWE-287; Risk: local, low complexity, 7.8