authenticate vulnerabilities and exploits
5
CVSSv2
CVE-2012-3467
Apache QPID 0.14, 0.16, and previous versions use a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote malicious users to bypass authentication.
Apache Qpid
Apache Qpid 0.6
Apache Qpid 0.14
Apache Qpid 0.5
6.5
CVSSv2
CVE-2018-21263
An issue exists in Mattermost Server prior to 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.7.0
5
CVSSv2
CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
1byte Copy9 -
1byte Fonetracker -
1byte Ispyoo -
1byte Guestspy -
1byte Thespyapp -
1byte Secondclone -
1byte The Truth Spy -
1byte Mxspy -
1byte Exactspy -
NA
CVE-2023-31580
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow malicious users to authenticate to the application with a crafted JWT token.
Networknt Light-oauth2
6.8
CVSSv2
CVE-2020-29599
ImageMagick prior to 6.9.11-40 and 7.x prior to 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shel...
Imagemagick Imagemagick
Debian Debian Linux 9.0
2 Github repositories
7.5
CVSSv2
CVE-2005-1014
Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and previous versions and Professional 1.54 allows remote malicious users to execute arbitrary code via a long AUTHENTICATE command.
Mailenable Mailenable Enterprise 1.01
Mailenable Mailenable Enterprise 1.02
Mailenable Mailenable Enterprise 1.03
Mailenable Mailenable Enterprise 1.04
Mailenable Mailenable Professional 1.5
Mailenable Mailenable Enterprise 1.0
Mailenable Mailenable Professional 1.53
Mailenable Mailenable Professional 1.54
Mailenable Mailenable Professional 1.51
Mailenable Mailenable Professional 1.52
5
CVSSv2
CVE-2000-0278
The SalesLogix Eviewer allows remote malicious users to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.
Saleslogix Corporation Eviewer 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2016-7145
The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote malicious users to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
Nefarious2 Project Nefarious2 2.0
NA
CVE-2022-4967
strongSwan versions 5.9.2 up to and including 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a cli...
4.6
CVSSv2
CVE-2020-27225
In versions 4.18 and previous versions of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local malicious user to issue active help commands to the associated Eclipse Platform process or...
Eclipse Platform