Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authenticate vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-3470
SQL injection vulnerability in in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote malicious users to execute arbitrary SQL commands.
Mailscanner Mailscanner 1.0.2
8.8
CVSSv3
CVE-2023-40800
The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.
Tenda Ac23 Firmware 16.03.07.45 Cn
9.8
CVSSv3
CVE-2017-12791
Directory traversal vulnerability in minion id validation in SaltStack Salt prior to 2016.11.7 and 2017.7.x prior to 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
Saltstack Salt 2017.7.0
Saltstack Salt
9.8
CVSSv3
CVE-2015-1778
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
Opendaylight Opendaylight -
NA
CVE-2006-4403
The FTP server in Apple Mac OS X 10.4.8 and previous versions, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote malicious users to cause a denial of service (crash) and enumerate valid usernames.
Apple Mac Os X
8.1
CVSSv3
CVE-2017-1000071
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
Apereo Phpcas 1.3.4
8.8
CVSSv3
CVE-2023-40798
In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.
Tenda Ac23 Firmware 16.03.07.45 Cn
NA
CVE-2005-4157
Unspecified vulnerability in Kerio WinRoute Firewall prior to 6.1.3 allows remote malicious users to authenticate to the service using an account that has been disabled.
10
CVSSv3
CVE-2021-46250
An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows malicious users to authenticate as other users on downstream components that rely on ScratchOAuth2.
Scratchoauth2 Project Scratchoauth2
6.5
CVSSv3
CVE-2021-3652
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an malicious user to successfully authenticate as a use...
Port389 389-ds-base
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »