Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-19 | CVE-2014-9618 | Improper Authentication vulnerability in Netsweeper The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. | 9.8 |
2017-09-19 | CVE-2014-9611 | Improper Authentication vulnerability in Netsweeper Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. | 9.8 |
2017-09-18 | CVE-2017-9803 | Improper Authentication vulnerability in Apache Solr Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. | 7.5 |
2017-09-17 | CVE-2017-14243 | Improper Authentication vulnerability in Utstar Wa3002G4 Firmware Wa3002G40021.01 An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi. | 9.8 |
2017-09-14 | CVE-2017-1002024 | Improper Authentication vulnerability in Kindsoft Kind Editor and Kindeditor Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files. | 4.3 |
2017-09-12 | CVE-2017-1520 | Improper Authentication vulnerability in IBM DB2 and DB2 Connect IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. | 3.7 |
2017-09-12 | CVE-2017-14337 | Improper Authentication vulnerability in Misp-Project Misp When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user. | 8.1 |
2017-09-12 | CVE-2014-9624 | Improper Authentication vulnerability in Mantisbt CAPTCHA bypass vulnerability in MantisBT before 1.2.19. | 7.5 |
2017-09-11 | CVE-2017-7650 | Improper Authentication vulnerability in multiple products In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. | 6.5 |
2017-09-11 | CVE-2017-7649 | Improper Authentication vulnerability in Eclipse Kura The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. | 9.8 |