
855 matches found

GithubExploit
added 2021/03/03 3:1 a.m. · 48 views

Exploit for Path Traversal in Vmware Cloud_Foundation

cve-2021-21972 Usage Instructions p...

CVSS 10 · AI score 7.5 · EPSS 0.9957
Exploits: 47

Zero Day Initiative
added 2021/02/26 12:0 a.m. · 34 views

(Pwn2Own) NETGEAR R7800 funjsq_httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refreshstatus.aspx endpoint. The issue results from a lack of authentication required ...

CVSS 6.3 · AI score 2.7 · EPSS 0.01262
Exploits: 0 · References: 1

Prion
added 2021/02/24 12:15 p.m. · 15 views

Authentication flaw

Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors...

CVSS 5 · AI score 7.9 · EPSS 0.02093
Exploits: 0 · References: 3 · Affected Software: 1

ICS
added 2021/01/28 12:0 a.m. · 48 views

Siemens SIMATIC HMI Comfort Panels & SIMATIC HMI KTP Mobile Panels

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC HMI Comfort Panels, SIMATIC HMI KTP Mobile Panels Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this...

CVSS 9.8 · AI score 9.9 · EPSS 0.05176
Exploits: 0 · References: 9

Cvelist
added 2021/01/26 7:44 p.m. · 19 views

CVE-2021-22159

Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability. The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a...

AI score 8 · EPSS 0.00331
Exploits: 0 · References: 2

CNVD
added 2021/01/13 12:0 a.m. · 2 views

Scalance X Products Critical Function Authentication Missing Vulnerability

SCALANCE X is a switch for connecting industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). The Scalance X Products Critical Function Authentication Missing vulnerability can be exploited by an attacker to reboot the device over a network...

CVSS 7.1 · AI score 6.9 · EPSS 0.0108
Exploits: 0 · References: 1

ICS
added 2021/01/12 12:0 a.m. · 101 views

Siemens SCALANCE X Products (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X Products Vulnerabilities: Missing Authentication for Critical Function, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

CVSS 9.8 · AI score 9.3 · EPSS 0.01652
Exploits: 0 · References: 11

BDU FSTEC
added 2020/12/15 12:0 a.m. · 4 views

The vulnerability of HiSilicon Hi3520D microprogramming chip software lies in the lack of authentication for a critical function, allowing attackers to trigger a service failure or execute arbitrary code.

The vulnerability of HiSilicon Hi3520D chipset’s microprogramming software is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker to trigger a service failure or execute arbitrary code...

CVSS 10 · AI score 8.1 · EPSS 0.38961
Exploits: 5 · References: 6

CVE
added 2020/12/11 12:52 a.m. · 79 views

CVE-2020-7540

CVE-2020-7540 affects Schneider Electric Modicon Web Server components on Modicon M340, and legacy Modicon Quantum and Premium, plus associated communication modules. The root cause is CWE-306 Missing Authentication for Critical Function, enabling unauthenticated command execution via specially c...

CVSS 9.8 · AI score 9.7 · EPSS 0.02144
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2020/11/19 10:15 p.m. · 3 views

CVE-2020-7561

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted...

CVSS 9.8 · AI score 7.4 · EPSS 0.03032
Exploits: 0 · References: 2

Prion
added 2020/11/19 10:15 p.m. · 19 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted...

CVSS 7.5 · AI score 9.4 · EPSS 0.03032
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2020/11/19 12:0 a.m. · 4 views

PT-2020-6314 · Schneider Electric · Easergy T300

Name of the Vulnerable Software and Affected Versions: Easergy T300 versions 2.7 and older Description: A missing authentication for critical function issue exists, which could cause problems including information exposure, denial of service, and command execution when access to a resource from a...

CVSS 10 · AI score 10 · EPSS 0.03032
Exploits: 0 · References: 9

CVE
added 2020/11/19 12:0 a.m. · 67 views

CVE-2020-7561

The CVE-2020-7561 issue affects Schneider Electric Easergy T300 firmware 2.7 and older. The root cause is Missing Authentication for Critical Function (CWE-306), potentially allowing a remote attacker to access protected resources, leading to information exposure, denial of service, and remote co...

CVSS 9.8 · AI score 9.3 · EPSS 0.03032
Exploits: 0 · References: 2 · Affected Software: 1

BDU FSTEC
added 2020/10/14 12:0 a.m. · 3 views

The vulnerability of the device controller in the Cisco Data Center Network Manager system allows an intruder to perform arbitrary actions on the vulnerable device.

The vulnerability of the Data Center Network Manager DCNM device relates to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker, operating remotely, to perform arbitrary actions on the vulnerable device...

CVSS 7.5 · AI score 7.9 · EPSS 0.01152
Exploits: 0 · References: 2

Prion
added 2020/09/10 3:15 p.m. · 16 views

Design/Logic Flaw

Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing...

CVSS 5 · AI score 5.4 · EPSS 0.01634
Exploits: 2 · References: 1 · Affected Software: 1

OSV
added 2020/08/07 8:15 p.m. · 3 views

CVE-2020-16167

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

CVSS 9.1 · AI score 7.3
Exploits: 0 · References: 2

Prion
added 2020/08/07 8:15 p.m. · 16 views

Authentication flaw

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

CVSS 6.4 · AI score 8.8 · EPSS 0.0215
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2020/08/07 7:25 p.m. · 59 views

CVE-2020-16167

CVE-2020-16167, CVE-2020-16168 and CVE-2020-16169 pertain to temi robot’s IoT stack. The Connected documents confirm: (1) Missing Authentication for Critical Functions allowed publishing/subscribing to MQTT topics and inter-app privilege escalation (CVE-16167) enabling an attacker to subscribe to...

CVSS 9.1 · AI score 8.9 · EPSS 0.0215
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2020/08/07 7:25 p.m. · 14 views

CVE-2020-16167

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

AI score 9.1 · EPSS 0.0215
Exploits: 1 · References: 2

BDU FSTEC
added 2020/07/23 12:0 a.m. · 3 views

The vulnerability of the Java RMI voice portal interface of Cisco Unified Customer Voice Portal allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Java RMI voice portal of Cisco Unified Customer Voice Portal is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 5.3 · AI score 6.3 · EPSS 0.01577
Exploits: 0 · References: 2