WordPress Quiz And Survey Master 8.0.8 Media Deletion Vulnerability
WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance. 1. ADVISORY INFORMATION Product: Quiz And Survey Master Vendor URL:...
NEC PC Settings Tool vulnerable to missing authentication for critical function
Overview: PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function (CWE-306). Haruki Yadani of LAC Co., Ltd. reported this vulnerability to IPA...
JVN#60320736: NEC PC Settings Tool vulnerable to missing authentication for critical function
PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function (CWE-306). Impact: A general user of the computer on which the affected product is installed may...
CVE-2022-48300
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...
LS ELECTRIC XBC-DN32U
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: LS ELECTRIC, LS Industrial Systems LSIS Co. Ltd Equipment: XBC-DN32U Vulnerabilities: Missing Authentication for Critical Function, Improper Access Control, Cleartext Transmission of Sensitive...
CVE-2022-43761
Missing authentication when creating and managing the B&R APROL database in versions R 4.2-07 allows reading and changing the system configuration...
Authentication flaw
Missing authentication when creating and managing the B&R APROL database in versions R 4.2-07 allows reading and changing the system configuration...
CVE-2022-3229
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code ...
Exploit for Missing Authentication for Critical Function in Oracle E-Business_Suite
CVE-2022-21587-POC- CVE-2022-21587 POC file exploit.py w...
CVE-2022-42970
A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows...
CVE-2022-42970
Schneider Electric APC Easy UPS Online Monitoring Software (Schneider Electric/APC Easy UPS Online Monitoring Software) versions prior to V2.5-GA (Windows 7/10/11 and Windows Server 2016/2019/2022) and prior to V2.5-GA-01-22261 (Windows 11/Server 2019/2022) are affected by CVE-2022-42970 due to m...
CVE-2022-32528
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS...
CVE-2022-32528
The CVE-2022-32528 entry concerns Schneider Electric IGSS Data Server (IGSSdataServer.exe) prior to version V15.0.0.22170. The issue is a CWE-306 Missing Authentication for Critical Function vulnerability that could allow an attacker to manipulate and read files in the IGSS project report directo...
Phoenix Contact Classic Line Industrial Controllers Missing Authentication For Critical Function (CVE-2019-9201)
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. This plugin only works with Tenable.ot. Please visit...
CVE-2023-0052 SAUTER Controls Nova 200–220 Series Missing Authentication for Critical Function
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol FTP are the only protocols available for device management, an unauthorized user could acce...
CVE-2022-3738 WAGO: Missing authentication for config export functionality in multiple products
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successful...
Exploit for Missing Authentication for Critical Function in Linuxfoundation Harbor
CVE-2022-46463 CVE-2022-46463 POC https://nvd.nist.gov/vuln...