130 matches found
CVE-2017-14942
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie...
CVE-2019-3927
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or...
CVE-2010-2620
Open FTP Server Open-FTPD 1.2 and earlier allows remote attackers to bypass authentication by sending 1 LIST, 2 RETR, 3 STOR, or other commands without performing the required login steps first...
PT-2025-20377 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.1.0 through 2.3.0 Checkmk version 2.4.0b6 and earlier Description: The issue allows files to be deployed with agents to be accessible without authentication. This could enable an attacker to access files that may contain...
CVE-2025-32986
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint...
CVE-2025-32839
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetGateways' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...
CVE-2025-22371 SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in SicommNet BASEC
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SicommNet BASEC SaaS Service login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands.This issue at least affects BASEC for the date of 14 De...
PT-2025-15053 · Zendto · Zendto
Name of the Vulnerable Software and Affected Versions: ZendTo versions prior to 5.04-7 Description: A type confusion vulnerability in lib/NSSAuthenticator.php allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. The...
CVE-2025-29266
Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled...
Cisco Meraki MX67 and Cisco Meraki MX68 Access Authentication Error Vulnerabilities
The Cisco Meraki MX67 and Cisco Meraki MX68 are cloud-managed routers in the Cisco Meraki series. An access validation error vulnerability exists in the Cisco Meraki MX67 and Cisco Meraki MX68 that stems from improper access control and can be exploited by an attacker to cause information...
CVE-2024-54085
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. Recent assessments: Assessed Attacker Value...
CVE-2024-1817
A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDMload.php of the component Cookie Handler. The manipulation of the argument isadmin with the input y...
CVE-2024-48859
Summary: CVE-2024-48859 is an improper authentication vulnerability affecting QNAP QTS and QuTS hero operating systems. The issue could allow remote attackers to compromise system security via network access. Affected versions (patched): QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 bui...
CVE-2023-34094
ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can...
Design/Logic Flaw
ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can...
CVE-2023-34094 ChuanhuChatGPT vulnerable to unauthorized configuration file access
ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can...
Hardcoded credentials
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...
CVE-2021-41615
The CVE-2021-41615 entry relates to GoAhead WebServer 2.1.8 (websda.c) having insufficient nonce entropy because nonce calculation uses a hardcoded value (onceuponatimeinparadise) that does not comply with RFC 7616/2617 secret-data guidelines. The vulnerability is documented with a high CVSS v3.1...
CVE-2021-41615
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...
PT-2022-22634 · Unknown · Omicard Edm
Name of the Vulnerable Software and Affected Versions: OMICARD EDM affected versions not specified Description: The mail image relay function in OMICARD EDM has a path traversal issue. This allows an unauthenticated remote attacker to bypass authentication and access arbitrary system files...