Lucene search
K

472 matches found

OSV
OSV
added 2020/06/03 11:15 p.m.1 views

UBUNTU-CVE-2020-6493

Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

9.6CVSS7.3AI score0.01682EPSS
Exploits0References4
CVE
CVE
added 2020/05/04 9:25 a.m.1021 views

CVE-2020-1631

CVE-2020-1631 is a path traversal/LFI vulnerability in the HTTP/HTTPS J-Web service of Junos OS. An unauthenticated attacker can exploit HTTP(S) to perform local file inclusion, path traversal, or possibly inject commands into httpd.log, read files with world-readable permissions (notably configu...

9.8CVSS9.7AI score0.04725EPSS
In wildExploits0References2Affected Software1
OSV
OSV
added 2020/04/30 9:15 p.m.6 views

CVE-2020-5893

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection...

3.7CVSS5.8AI score0.00561EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/04/27 12:0 a.m.19 views

CVE-2020-1631

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform local file inclusion LFI or path traversal. Using this vulnerability...

9.8CVSS9.6AI score0.04725EPSS
In wildExploits0References2
CNVD
CNVD
added 2020/04/09 12:0 a.m.4 views

Argo License Issue Vulnerability (CNVD-2020-27455)

Argo is an open source container native workflow engine. Argo suffers from an authorization problem vulnerability that stems from the use of immutable authentication tokens in the web interface authentication system. An attacker could exploit this vulnerability to gain unauthorized access to...

7.5CVSS7.2AI score0.01712EPSS
Exploits1References1
Hacker One
Hacker One
added 2020/03/16 6:31 a.m.31 views

X (Formerly Twitter): Ability to bruteforce mopub account’s password due to lack of rate limitation protection using {ip rotation techniques}

Summary I tried to guess on my account. I sent out nearly 1,000 requests, and I was virtually banned on request about 120. But when I changed my IP and tried logging in, I was logged into the account without any additional checks Description: Your web authentication endpoint,...

7.1AI score
Exploits0
CNVD
CNVD
added 2020/03/12 12:0 a.m.4 views

WAGO PFC100 and PFC200 Information Disclosure Vulnerability

The WAGO PFC 200 and WAGO PFC 100 are both programmable logic controllers PLCs from WAGO Germany. A security vulnerability exists in the Web-Based Management authentication feature in the WAGO PFC200 versions 03.00.3912 and 03.01.0713 and the WAGO PFC100 version 03.00.3912. The vulnerability can ...

7.5CVSS7AI score0.02199EPSS
Exploits1References1
NVD
NVD
added 2020/02/25 4:15 p.m.32 views

CVE-2019-5165

An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attack...

8CVSS7.4AI score0.02233EPSS
Exploits1References1
Prion
Prion
added 2020/02/25 4:15 p.m.14 views

Authentication flaw

An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attack...

6.5CVSS7AI score0.02233EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/25 3:49 p.m.32 views

CVE-2019-5165

An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attack...

8CVSS7AI score0.02233EPSS
Exploits1References1
CVE
CVE
added 2020/02/25 3:49 p.m.86 views

CVE-2019-5165

CVE-2019-5165 affects the Moxa AWK-3131A (firmware 1.13). Authentication bypass is caused by hostname processing that lets an attacker send authenticated SNMP requests to trigger a web-auth bypass, effectively treating remote traffic as local. Talos reports an 8.0 CVSSv3 (CR: C/H, PR: H, UI: N, S...

8CVSS6.9AI score0.02233EPSS
Exploits1References1Affected Software1
ThreatPost
ThreatPost
added 2020/01/22 1:1 p.m.96 views

New Muhstik Botnet Attacks Target Tomato Routers

A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found. Researchers at Palo Alto Networks’ Unit 42 discovered the new variant...

0.5AI score
Exploits0References8
NVD
NVD
added 2019/12/27 5:15 p.m.30 views

CVE-2013-4859

INSTEON Hub 2242-222 lacks Web and API authentication...

9.3CVSS8.2AI score0.06973EPSS
Exploits6References2
Cvelist
Cvelist
added 2019/12/27 4:28 p.m.31 views

CVE-2013-4859

INSTEON Hub 2242-222 lacks Web and API authentication...

8.3AI score0.06973EPSS
Exploits6References2
CVE
CVE
added 2019/12/27 4:28 p.m.122 views

CVE-2013-4859

The CVE-2013-4859 entry refers to INSTEON Hub 2242-222 that suffers a lack of Web and API authentication. The vulnerability targets the Hub’s web/API interfaces, enabling unauthorized access when the device is exposed to the Internet (e.g., via port forwarding). The base information indicates a h...

9.3CVSS8.1AI score0.06973EPSS
Exploits6References2Affected Software1
OSV
OSV
added 2019/08/01 2:15 p.m.3 views

CVE-2018-20888

cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication SEC-424...

5.5CVSS5.8AI score0.00357EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/05/07 12:0 a.m.5 views

The vulnerability of the mydlink web interface of D-Link routers allows a hacker to obtain DNS query logs and user login logs.

The vulnerability of the D-Link microprogrammed router’s web interface function “mydlink” is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain DNS query logs and user login logs by sending specially crafted...

5.3CVSS7.2AI score0.02604EPSS
Exploits1References3
NVD
NVD
added 2019/03/25 10:29 p.m.23 views

CVE-2019-7642

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW A1-1.04, DIR-816L B1-2.06, DIR-81...

7.5CVSS7.7AI score0.02604EPSS
Exploits1References1
CNVD
CNVD
added 2019/03/04 12:0 a.m.2 views

pfSense Access Restriction Bypass Vulnerability

pfSense is a set of network firewalls based on FreeBSD Linux. A security vulnerability exists in version 2.4.41 of pfSense, which stems from the program blocking the source IP address based on SSH authentication failures and HTTPS authentication failures that do not match. An attacker could explo...

7.5CVSS7AI score0.0159EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.44 views

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:2890-1)

This update for MozillaFirefox to ESR 60.2 fixes several issues. These general changes are part of the version 60 release. New browser engine with speed improvements Redesigned graphical user interface elements Unified address and search bar for new installations New tab page listing top visited,...

9.8CVSS7.2AI score0.03662EPSS
Exploits4References14
Rows per page
Query Builder