12 matches found

Hacker One
added 2024/11/08 11:0 a.m., 3 views

Mars: Users Data Exposure via Insecure Endpoint

An insecure endpoint on the Mars Royal Canin website exposed sensitive customer information without proper authentication. Personal data, including full names, phone numbers, email addresses, physical addresses, and postal codes, was accessible through a simple API endpoint that could be accessed...

6.8 AI score
Exploits: 0
NVD
added 2024/09/27 5:15 p.m., 13 views

CVE-2024-6981

OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication...

9.8 CVSS, 0.00191 EPSS
Exploits: 0, References: 1
Veracode
added 2024/02/08 5:45 a.m., 24 views

Improper Authentication

org.apache.ozone ozone-main is vulnerable to Improper Authentication. The vulnerability is due to improper verification of the identity of a user accessing the Storage Container Manager service. This flaw allows an attacker to download internal metadata without the need for proper authenticatio...

5.3 CVSS, 6.7 AI score, 0.0009 EPSS
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2023/10/03 5:0 a.m., 12 views

CVE-2023-28540 Improper Authentication in Data Modem

Cryptographic issue in Data Modem due to improper authentication during TLS handshake...

9.1 CVSS, 9.3 AI score, 0.00087 EPSS
Exploits: 0, References: 1
Cvelist
added 2023/08/15 3:11 p.m., 23 views

CVE-2023-35082

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier...

10 CVSS, 9.7 AI score, 0.94402 EPSS
Exploits: 2, References: 1
OSV
added 2023/07/25 7:15 a.m., 1 views

CVE-2023-35078

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication...

9.8 CVSS, 5.8 AI score, 0.94438 EPSS
Exploits: 14, References: 5
WPVulnDB
added 2022/09/08 12:0 a.m., 19 views

Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS

The plugin lacks authorisation and CSRF checks in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks...

5.4 CVSS, 2.1 AI score, 0.00244 EPSS
Exploits: 2, Affected Software: 1
NVD
added 2021/12/30 10:15 p.m., 7 views

CVE-2021-20152

Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorrent web client by visiting: http://192.168.10.1:9091/transmission/web/...

6.5 CVSS, 0.00153 EPSS
Exploits: 0, References: 1
Zero Day Initiative
added 2021/09/22 12:0 a.m., 30 views

VMware vCenter Server Appliance Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of jsonrpc messages. The issue results from the lac...

5.3 CVSS, 1.1 AI score, 0.00688 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2020/06/09 12:0 a.m., 23 views

CVE-2020-12004

The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to 7.9.14, allowing an attacker to obtain sensitive information. Recent assessments: cdelafuente-r7 at June 26, 2020 11:13am UTC...

7.5 CVSS, 8.5 AI score, 0.20891 EPSS
Exploits: 4, References: 3
exploitpack
added 2013/03/15 12:0 a.m., 8 views

Cisco Video Surveillance Operations Manager 6.3.2 - Multiple Vulnerabilities

Exploit Title: Cisco Video Surveillance Operations Manager Multiple vulnerabilities Google Dork: intitle:"Video Surveillance Operations Manager Login" Date: 22 Feb 2013 reported to the vendor Exploit Author: Bassem |...

0.9 AI score
Exploits: 0
securityvulns
added 2005/05/13 12:0 a.m., 48 views

[SA15344] 1Two News Script Insertion and Authentication Bypass

TITLE: 1Two News Script Insertion and Authentication Bypass...

0.6 AI score
Exploits: 0