Vulmon
authenticate vulnerabilities and exploits
9.8
CVSSv3
CVE-2016-5668
Crestron Electronics DM-TXRX-100-STR devices with firmware prior to 1.3039.00040 allow remote malicious users to bypass authentication and change settings via a JSON API call.
Crestron Dm-txrx-100-str Firmware 1.2866.00026
9.8
CVSSv3
CVE-2016-5669
Crestron Electronics DM-TXRX-100-STR devices with firmware prior to 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote malicious users to conduct man-in-the-middle attacks against HTTPS ...
Crestron Dm-txrx-100-str Firmware 1.2866.00026
9.8
CVSSv3
CVE-2016-5670
Crestron Electronics DM-TXRX-100-STR devices with firmware prior to 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote malicious users to obtain access via the web management interface.
Crestron Dm-txrx-100-str Firmware 1.2866.00026
9.8
CVSSv3
CVE-2016-4422
The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent malicious users to bypass authentication or gain privileges via a system user account.
Libpam-sshauth Project Libpam-sshauth -
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2016-2004
HPE Data Protector prior to 7.03_108, 8.x prior to 8.15, and 9.x prior to 9.06 allow remote malicious users to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
Hp Data Protector
2 EDB exploits
9.8
CVSSv3
CVE-2015-8833
Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin prior to 4.0.2 for Pidgin allows remote malicious users to execute arbitrary code via vectors related to the "Authenticate buddy" menu ...
Cypherpunks Pidgin-otr
9.8
CVSSv3
CVE-2016-1329
Cisco NX-OS 6.0(2)U6(1) up to and including 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) up to and including 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote malicious users to obtain root privileges via a (1) TELNET or (2) SSH...
Cisco Nx-os 6.0(2)u6(5)
Cisco Nx-os 6.0(2)u6(4)
Cisco Nx-os 6.0(2)u6(3)
Cisco Nx-os 6.0(2)u6(2)
Cisco Nx-os 6.0(2)u6(1)
Cisco Nx-os 6.0(2)a7(1)
Cisco Nx-os 6.0(2)a6(1)
Cisco Nx-os 6.0(2)a6(5)
Cisco Nx-os 6.0(2)a6(4)
Cisco Nx-os 6.0(2)a6(3)
Cisco Nx-os 6.0(2)a6(2)
1 Article
9.8
CVSSv3
CVE-2015-8286
Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote malicious users to obtain access via a session on TCP port 23 or 9000.
Zhuhai Raysharp Firmware
9.8
CVSSv3
CVE-2015-7251
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote malicious users to obtain administrative access via a TELNET session.
Zte Zxhn H108n R1a Firmware
1 EDB exploit
9.8
CVSSv3
CVE-2012-3503
The installation script in Katello 1.0 and previous versions does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote malicious users to authenticate to the CloudForms System Engi...
Theforeman Katello
Redhat Enterprise Linux Server 6.0