12 matches found
Fortinet Fortigate SSH authentication bypass when RADIUS authentication is used (FG-IR-22-255)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-255 advisory. - An authentication bypass by assumed-immutable data vulnerability CWE-302 in the FortiOS SSH login component 7.2.0, 7.0.0...
CVE-2022-35843
CVE-2022-35843 affects FortiOS SSH login component (and FortiProxy SSH) across multiple versions, allowing remote, unauthenticated login via a crafted Access-Challenge response from RADIUS. Affected: FortiOS 6.0–7.2.0 and 6.2–6.4.9; FortiProxy 1.2.0–2.0.10 and 7.0.0–7.0.5. Root cause described as...
CVE-2022-40703
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app...
Authentication flaw
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app...
CVE-2022-40703
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app...
CVE-2018-1000875
Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appears to be...
Authentication flaw
Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appears to be...
CVE-2018-1000875
CVE-2018-1000875 affects BOINC Server and Website Code versions 0.9–1.0.2. The vulnerability is a CWE-302 Authentication Bypass by Assumed-Immutable Data on the Website Terms of Service Acceptance Page, allowing access to any user account via a specially crafted URL. The issue is reported as fixe...
OpenSupports 2.x - Auth Bypass/CSRF Vulnerabilities
No description provided by source. + Author: TUNISIAN CYBER + Exploit Title: OpenSupports v2.x AuthBypass/CSRF Vulnerabilities + Date: 15-03-2014 + Category: WebApp + Version: 2.x + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-302/CWE-89 + Vendor: http://www.opensupports.com/ + Friendly Sites:...
osCmax 2.5.x Cross Site Request Forgery
Author: TUNISIAN CYBER + Exploit Title: osCmax 2.5.X Cross-Site Request Forgery Add Admin Vulnerability + Date: 15-03-2014 + Category: WebApp + Version: 2.5.X + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-302 + Vendor: http://www.oscmax.com/ + Friendly Sites: na3il.com,th3-creative.com +...
osCmax 2.5.X Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications + Author: TUNISIAN CYBER + Exploit Title: osCmax 2.5.X Cross-Site Request Forgery Add Admin Vulnerability + Date: 15-03-2014 + Category: WebApp + Version: 2.5.X + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-302 + Vendor: http://www.oscmax.co...
OpenSupports 2.x - Authentication Bypass Cross-Site Request Forgery
OpenSupports 2.x - Authentication Bypass Cross-Site Request Forgery + Author: TUNISIAN CYBER + Exploit Title: OpenSupports v2.x AuthBypass/CSRF Vulnerabilities + Date: 15-03-2014 + Category: WebApp + Version: 2.x + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-302/CWE-89 + Vendor:...