CVE-2018-2360
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage...
Hawt.io admin terminal command execution vulnerability
Hawt.io is a web console for managing Java frameworks. The admin terminal is one of its management terminals. A security vulnerability exists in the admin terminal in Hawt.io, which is caused by the program failing to require authentication. A remote attacker can exploit this vulnerability to execute...
The vulnerability in the firmware of the BINOM3 Universal Multifunctional Electric Power Quality Meter lies in the lack of authentication, which allows attackers to gain access to the device’s settings.
The vulnerability in the firmware of the BINOM3 Universal Multifunctional Electric Power Quality Meter is related to the lack of authentication. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the device and perform arbitrary settin...
The vulnerability in the firmware of the Wi-Fi Konke Smart Plug lies in the lack of authentication procedures for Telnet sessions. This allows a malicious user to control the device with root privileges.
The vulnerability of the Wi-Fi Konke Smart Plug remote control software relates to the absence of authentication procedures for Telnet sessions. Exploiting this vulnerability could allow a malicious actor to control the device with root privileges through port 23...
CVE-2017-1222
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862...
Juniper Networks Junos Space Man-in-the-Middle Attack Vulnerability
Juniper Junos Space is a network management solution from Juniper Networks. The solution supports automated configuration, monitoring and troubleshooting of devices and services throughout their lifecycle. A security vulnerability exists in Juniper Networks Junos Space prior to version 17.1R1 tha...
CVE-2017-10623
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to...
PT-2017-3367 · Zivif · Zivif Pr115-204-P-Rs
Name of the Vulnerable Software and Affected Versions: Zivif PR115-204-P-RS version V2.3.4.2103
Description: The issue is related to errors in handling registration data in the webcam's software. It allows a remote attacker to obtain user credentials using the HTTP request...
PT-2017-19227 · Sma Solar Technology · Sunny Boy Tlst-21 +3
Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products, specifically Sunny Boy TLST-21, TL-21, and Sunny Tripower TL-10, TL-30
Description: The SIP implementation in SMA Solar Technology products does not properly use authentication with encryption, making it...
Mailcow Cross-Site Request Forgery Vulnerability (CNVD-2017-10371)
Mailcow is a mail server suite that provides a modern web UI interface for user and service management. A cross-site request forgery vulnerability exists in Mailcow. The vulnerability stems from the "admin.php" page not adding authentication such as token or CAPTCHA, which can be exploited by an...
The vulnerability in the CODESYS Runtime Toolkit execution environment allows an attacker to execute arbitrary commands and upload arbitrary files.
The vulnerability of the CODESYS Runtime Toolkit lies in the absence of requirements for authentication procedures in the default configuration. Exploiting this vulnerability allows a malicious actor to execute commands through the command line interface and upload arbitrary files...
JBoss invoker servlets do not require authentication
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...
CVE-2011-5078
The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD 3 and 7.0 before ESD 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP...