authenticate vulnerabilities and exploits
8.8
CVSSv3
CVE-2018-21263
An issue exists in Mattermost Server prior to 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.7.0
6.1
CVSSv3
CVE-2022-27461
In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.
Nopcommerce Nopcommerce
NA
CVE-2012-3467
Apache QPID 0.14, 0.16, and previous versions use a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote malicious users to bypass authentication.
Apache Qpid
Apache Qpid 0.6
Apache Qpid 0.14
Apache Qpid 0.5
7.5
CVSSv3
CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
1byte Copy9 -
1byte Fonetracker -
1byte Ispyoo -
1byte Guestspy -
1byte Thespyapp -
1byte Secondclone -
1byte The Truth Spy -
1byte Mxspy -
1byte Exactspy -
7.8
CVSSv3
CVE-2020-29599
ImageMagick prior to 6.9.11-40 and 7.x prior to 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shel...
Imagemagick Imagemagick
Debian Debian Linux 9.0
2 Github repositories
9.8
CVSSv3
CVE-2016-7145
The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote malicious users to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
Nefarious2 Project Nefarious2 2.0
NA
CVE-2000-0278
The SalesLogix Eviewer allows remote malicious users to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.
Saleslogix Corporation Eviewer 1.0
1 EDB exploit
NA
CVE-2005-1014
Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and previous versions and Professional 1.54 allows remote malicious users to execute arbitrary code via a long AUTHENTICATE command.
Mailenable Mailenable Enterprise 1.01
Mailenable Mailenable Enterprise 1.02
Mailenable Mailenable Enterprise 1.03
Mailenable Mailenable Enterprise 1.04
Mailenable Mailenable Professional 1.5
Mailenable Mailenable Enterprise 1.0
Mailenable Mailenable Professional 1.53
Mailenable Mailenable Professional 1.54
Mailenable Mailenable Professional 1.51
Mailenable Mailenable Professional 1.52
NA
CVE-2022-4967
strongSwan versions 5.9.2 up to and including 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a cli...
7.8
CVSSv3
CVE-2020-27225
In versions 4.18 and previous versions of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local malicious user to issue active help commands to the associated Eclipse Platform process or...
Eclipse Platform