Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authenticate vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-48251
The vulnerability allows a remote malicious user to authenticate to the SSH service with root privileges through a hidden hard-coded account.
Bosch Nexo-os
668
VMScore
CVE-2005-3470
SQL injection vulnerability in in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote malicious users to execute arbitrary SQL commands.
Mailscanner Mailscanner 1.0.2
668
VMScore
CVE-2017-12791
Directory traversal vulnerability in minion id validation in SaltStack Salt prior to 2016.11.7 and 2017.7.x prior to 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
Saltstack Salt 2017.7.0
Saltstack Salt
356
VMScore
CVE-2006-4403
The FTP server in Apple Mac OS X 10.4.8 and previous versions, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote malicious users to cause a denial of service (crash) and enumerate valid usernames.
Apple Mac Os X
668
VMScore
CVE-2015-1778
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
Opendaylight Opendaylight -
668
VMScore
CVE-2005-4157
Unspecified vulnerability in Kerio WinRoute Firewall prior to 6.1.3 allows remote malicious users to authenticate to the service using an account that has been disabled.
NA
CVE-2023-40798
In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.
Tenda Ac23 Firmware 16.03.07.45 Cn
605
VMScore
CVE-2017-1000071
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
Apereo Phpcas 1.3.4
570
VMScore
CVE-2021-3652
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an malicious user to successfully authenticate as a use...
Port389 389-ds-base
668
VMScore
CVE-2021-46250
An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows malicious users to authenticate as other users on downstream components that rely on ScratchOAuth2.
Scratchoauth2 Project Scratchoauth2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »