Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
anonymous vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-22146
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could le...
Elastic Elasticsearch 7.13.3
1 Github repository
383
VMScore
CVE-2013-4594
The Payment for Webform module 7.x-1.x prior to 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.
Payment For Webform Project Payment For Webform 7.x-1.5
Payment For Webform Project Payment For Webform 7.x-1.2
Payment For Webform Project Payment For Webform 7.x-1.4
Payment For Webform Project Payment For Webform 7.x-1.0
Payment For Webform Project Payment For Webform 7.x-1.1
Payment For Webform Project Payment For Webform 7.x-1.3
445
VMScore
CVE-2004-1891
The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged.
Sgi Irix 6.5.20
NA
CVE-2024-0563
Denial of service condition in M-Files Server in versions prior to 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.
NA
CVE-2022-42446
Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.
Hcltech Sametime 12.0
445
VMScore
CVE-2017-5635
In Apache NiFi prior to 0.7.2 and 1.x prior to 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.
Apache Nifi 0.7.1
Apache Nifi 0.7.0
Apache Nifi 1.1.1
Apache Nifi 1.1.0
668
VMScore
CVE-1999-1411
The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.
Debian Debian Linux 2.0
356
VMScore
CVE-2017-1000145
Mahara 1.9 prior to 1.9.7 and 1.10 prior to 1.10.5 and 15.04 prior to 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.
Mahara Mahara 1.9.0
Mahara Mahara 1.9
Mahara Mahara 1.9.6
Mahara Mahara 1.9.2
Mahara Mahara 1.9.4
Mahara Mahara 1.9.5
Mahara Mahara 1.9.1
Mahara Mahara 1.9.3
Mahara Mahara 1.10.1
Mahara Mahara 1.10.3
Mahara Mahara 1.10
Mahara Mahara 1.10.0
Mahara Mahara 1.10.2
Mahara Mahara 1.10.4
Mahara Mahara 15.04
Mahara Mahara 15.04.0
Mahara Mahara 15.04.1
445
VMScore
CVE-2014-2983
Drupal 6.x prior to 6.31 and 7.x prior to 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.
Drupal Drupal
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
605
VMScore
CVE-2007-6714
DBMail prior to 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote malicious users to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
Dbmail Dbmail 2.2.7
Dbmail Dbmail 2.2.6
Dbmail Dbmail 2.2.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »