Authentication flaw

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control RBAC of URLs. An attacker could...

CVE-2017-3791

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control RBAC of URLs. An attacker could...

CVE-2014-2938

Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands...

Authentication flaw

Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands...

CVE-2014-2938

Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands...

CVE-2014-2938

Hanvon FaceID devices running software versions before 1.007.110 are affected by an authentication flaw that allows an unauthenticated remote attacker to modify user and access-control data via the device’s API/management protocol (port 9922/tcp). Root cause: missing authentication for critical f...

Hanvon facial recognition (Face ID) devices do not authenticate commands

Overview Hanvon facial recognition Face ID devices possibly running software versions prior to 1.007.110 could allow an unauthenticated attacker to modify user and access control information. Description CWE-306: Missing Authentication for Critical FunctionIt has been reported that Hanvon biometr...

CVE-2013-2048

ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands...

Cross site request forgery (csrf)

ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands...

CVE-2013-2048

ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands...

CVE-2012-3241

The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands...

Command injection

The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands...