Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-25 | CVE-2014-7858 | Improper Authentication vulnerability in D-Link Dnr-326 Firmware: The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | 9.8 |
2017-08-25 | CVE-2014-7857 | Improper Authentication vulnerability in D-Link products: D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. | 9.8 |
2017-08-24 | CVE-2015-8308 | Improper Authentication vulnerability in Lxdm Project Lxdm: LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. | 7.8 |
2017-08-22 | CVE-2016-4460 | Improper Authentication vulnerability in Apache Pony Mail 0.6C/0.7B/0.8B: Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | 9.8 |
2017-08-22 | CVE-2016-2102 | Improper Authentication vulnerability in Haproxy: HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | 5.3 |
2017-08-21 | CVE-2017-7420 | Improper Authentication vulnerability in Microfocus products: An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275). | 9.8 |
2017-08-18 | CVE-2015-4464 | Improper Authentication vulnerability in Kguardsecurity Kg-Sha104 Firmware and Kg-Sha108 Firmware: Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. | 9.8 |
2017-08-17 | CVE-2017-6781 | Improper Authentication vulnerability in Cisco Policy Suite: A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. | 5.3 |
2017-08-16 | CVE-2017-7546 | Improper Authentication vulnerability in multiple products: PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. | 9.8 |
2017-08-09 | CVE-2015-6816 | Improper Authentication vulnerability in multiple products: ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | 9.8 |