Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8591 | 1 Eginnovations | 1 Eg Manager | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. | |||||
| CVE-2020-8510 | 1 Phpabook Project | 1 Phpabook | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password. | |||||
| CVE-2020-5206 | 1 Apereo | 1 Opencast | 2020-02-05 | 6.4 MEDIUM | 10.0 CRITICAL |
| In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1 | |||||
| CVE-2019-19825 | 1 Totolink | 16 A3002ru, A3002ru Firmware, A702r and 13 more | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0. | |||||
| CVE-2013-7051 | 1 D-link | 2 Dir-100, Dir-100 Firmware | 2020-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters | |||||
| CVE-2013-1600 | 1 Dlink | 4 Dcs-2102, Dcs-2102 Firmware, Dcs-2121 and 1 more | 2020-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR. 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information. | |||||
| CVE-2013-4863 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2020-02-04 | 9.0 HIGH | 8.8 HIGH |
| The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. | |||||
| CVE-2013-5114 | 1 Logmein | 1 Lastpass | 2020-02-03 | 6.6 MEDIUM | 6.1 MEDIUM |
| LastPass prior to 2.5.1 allows secure wipe bypass. | |||||
| CVE-2013-5116 | 1 Evernote | 1 Evernote | 2020-02-03 | 6.6 MEDIUM | 7.1 HIGH |
| Evernote prior to 5.5.1 has insecure password change | |||||
| CVE-2013-2569 | 1 Zavio | 4 F3105, F3105 Firmware, F312a and 1 more | 2020-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream. | |||||
| CVE-2013-3316 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2020-02-01 | 10.0 HIGH | 9.8 CRITICAL |
| Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". | |||||
| CVE-2013-3317 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2020-02-01 | 10.0 HIGH | 9.8 CRITICAL |
| Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. | |||||
| CVE-2013-3215 | 1 Vtiger | 1 Vtiger Crm | 2020-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. | |||||
| CVE-2013-1596 | 1 Vivotek | 2 Pt7135, Pt7135 Firmware | 2020-01-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554. | |||||
| CVE-2013-4462 | 1 Portable Phpmyadmin Project | 1 Portable Phpmyadmin | 2020-01-31 | 6.4 MEDIUM | 9.1 CRITICAL |
| WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability | |||||
| CVE-2012-6451 | 1 Lorextechnology | 4 Lnc104, Lnc104 Firmware, Lnc116 and 1 more | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability | |||||
| CVE-2013-3071 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. | |||||
| CVE-2020-1787 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2020-01-29 | 7.2 HIGH | 6.6 MEDIUM |
| HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under certain scenario, successful exploit could allow the attacker who gains the privilege of guest user to access to the host user's desktop in an instant, without unlocking the screen lock of the host user. | |||||
| CVE-2020-1840 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2020-01-29 | 3.6 LOW | 6.0 MEDIUM |
| HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones.Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.0.0.175(C00E70R3P8) | |||||
| CVE-2020-7222 | 1 Amcrest | 1 Web Server | 2020-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them). | |||||