Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-01 | CVE-2018-3810 | Improper Authentication vulnerability in Oturia Smart Google Code Inserter Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. | 9.8 |
| 2017-12-29 | CVE-2014-0121 | Improper Authentication vulnerability in multiple products The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. | 9.8 |
| 2017-12-27 | CVE-2015-6237 | Improper Authentication vulnerability in Tripwire Ip360 7.2.2/7.2.4/7.2.5 The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands." | 9.8 |
| 2017-12-21 | CVE-2015-7224 | Improper Authentication vulnerability in Puppet Puppetlabs-Mysql puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask. | 9.8 |
| 2017-12-20 | CVE-2017-17777 | Improper Authentication vulnerability in Paid to Read Script Project Paid to Read Script 2.0.5 Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. | 9.8 |
| 2017-12-12 | CVE-2017-17560 | Improper Authentication vulnerability in Westerndigital MY Cloud Pr4100 Firmware 2.30.172 An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. | 9.8 |
| 2017-12-12 | CVE-2017-16689 | Improper Authentication vulnerability in SAP Kernel A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. | 8.8 |
| 2017-12-12 | CVE-2017-16684 | Improper Authentication vulnerability in SAP Business Intelligence Promotion Management Application 4.10/4.20/4.30 SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | 9.8 |
| 2017-12-07 | CVE-2017-17430 | Improper Authentication vulnerability in Sangoma Netborder/Vega Session Firmware 2.3.1178Ga Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. | 9.8 |
| 2017-12-07 | CVE-2017-17435 | Improper Authentication vulnerability in Vaulteksafe Vt20I Firmware An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. | 8.8 |