2927 matches found
Siemens SICAM A8000 Missing Authentication For Critical Function (CVE-2022-27480)
A vulnerability has been identified in SICAM A8000 CP-8031 All versions V4.80, SICAM A8000 CP-8050 All versions V4.80. Affected devices do not require a user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. This plugin only works wi...
Linux kernel vulnerability that allows an attacker to escalate privileges
A vulnerability in the Linux operating system's kernel is related to the absence of authentication procedures. Exploiting this vulnerability can allow attackers to increase their privileges...
Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication
SEC Consult Vulnerability Lab Security Advisory. title: Missing Authentication at File Download & Denial of Service; product: Siemens A8000 CP-8050/CP-8031 SICAM WEB; vulnerable version: SICAM WEB Version 05.80 / Firmware Packag...
Siemens SICAM A8000
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access files...
CVE-2022-24829 Missing authentication in Garden
Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api...
Samsung DeX Home Security Vulnerability
Samsung DeX Home is a Samsung DeX application for PCs and Macs from Samsung South Korea. An information disclosure vulnerability exists in Samsung DeX Home, which stems from the lack of proper access authentication logic in Samsung DeX Home, and could be exploited to gain unauthorized access to...
CVE-2020-27376
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication...
Authentication flaw
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication...
CVE-2020-27376
The connected sources identify CVE-2020-27376 as an access-control vulnerability in Dr Trust USA iCheck Connect BP Monitor BP Testing 118, version 1.2.1, described as Missing Authentication. Affected product and version are stated; CVSS indicates HIGH severity (AVG 8.3–8.8 depending on metric set...
CVE-2021-33008 AVEVA System Platform Missing Authentication for Critical Function
AVEVA System Platform versions 2017 through 2020 R2 P01 do not perform any authentication for functionality that requires a provable user identity...
CVE-2022-0403
The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is known to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users,...
CVE-2020-14479
Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server...
Flo Launch < 2.4.1 - Missing Authentication Allow Full Site Takeover
The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flocustomtableprefix cookie to an arbitrary value. PoC On any website where flo-launch is active create cookie "flocustomtableprefix" with any string value t...
Philips e-Alert
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Philips Equipment: e-Alert Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthorized actor to...
CVE-2022-25250 PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function
When connecting to a certain port Axeda agent All versions and Axeda Desktop Server for Windows All versions may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to sh...
PTC Axeda agent and Axeda Desktop Server (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Axeda agent, Axeda Desktop Server Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor,...
Trailer Power Line Communications (PLC) J2497
1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Equipment: Power Line Communications PLC: J2497 a.k.a. PLC4TRUCKS Vulnerabilities: Missing Authentication for Critical Function, Improper Protection against Electromagnetic Fault Injection 2. RISK EVALUATION...
(Pwn2Own) Cisco RV340 NGINX Missing Authentication Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the NGINX web server. The issue results from...