Vulmon
authenticate vulnerabilities and exploits
7.5
CVSSv3
CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
1byte Copy9 -
1byte Fonetracker -
1byte Ispyoo -
1byte Guestspy -
1byte Thespyapp -
1byte Secondclone -
1byte The Truth Spy -
1byte Mxspy -
1byte Exactspy -
8.8
CVSSv3
CVE-2018-21263
An issue exists in Mattermost Server prior to 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.7.0
NA
CVE-2012-3467
Apache QPID 0.14, 0.16, and previous versions use a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote malicious users to bypass authentication.
Apache Qpid
Apache Qpid 0.6
Apache Qpid 0.14
Apache Qpid 0.5
NA
CVE-2002-0765
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
Openbsd Openssh 3.2.2
Openbsd Openbsd 3.1
7.8
CVSSv3
CVE-2020-29599
ImageMagick prior to 6.9.11-40 and 7.x prior to 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shel...
Imagemagick Imagemagick
Debian Debian Linux 9.0
2 Github repositories
NA
CVE-2000-0278
The SalesLogix Eviewer allows remote malicious users to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.
Saleslogix Corporation Eviewer 1.0
1 EDB exploit
NA
CVE-2005-1014
Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and previous versions and Professional 1.54 allows remote malicious users to execute arbitrary code via a long AUTHENTICATE command.
Mailenable Mailenable Enterprise 1.01
Mailenable Mailenable Enterprise 1.02
Mailenable Mailenable Enterprise 1.03
Mailenable Mailenable Enterprise 1.04
Mailenable Mailenable Professional 1.5
Mailenable Mailenable Enterprise 1.0
Mailenable Mailenable Professional 1.53
Mailenable Mailenable Professional 1.54
Mailenable Mailenable Professional 1.51
Mailenable Mailenable Professional 1.52
9.8
CVSSv3
CVE-2016-7145
The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote malicious users to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
Nefarious2 Project Nefarious2 2.0
NA
CVE-2022-4967
strongSwan versions 5.9.2 up to and including 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a cli...
7.8
CVSSv3
CVE-2020-27225
In versions 4.18 and previous versions of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local malicious user to issue active help commands to the associated Eclipse Platform process or...
Eclipse Platform