Download
| Alert*
|
SVE-002354
Smartwares HOME easy Client-Side Authentication Bypass Vulnerability. HOME easy is prone to an Authentication Bypass Vulnerability through IDOR by navigating to several administrative web pages. Successful exploitation allows disclosure of an SQLite3 database file and location. It is also possible t ... SVE-102354 Adobe Experience Manager CRX Authentication Bypass Vulnerability. An authentication bypass vulnerability exists in Adobe Experience Manager when default security controls are manually turned off on the Package Manager content tree. SVE-102339 FatPipe Networks IPVPN Authorization Bypass. An authorization bypass vulnerability exists in FatPipe Networks appliances due to direct access to objects based on user-supplied input. It allows attacker to bypass authorization and access resources behind protected pages. SVE-102338 FatPipe Networks WARP Authorization Bypass. An authorization bypass vulnerability exists in FatPipe Networks appliances due to direct access to objects based on user-supplied input. It allows attacker to bypass authorization and access resources behind protected pages. CVE-2021-41292 ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC. CVE-2020-15633 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP reque ... CVE-2020-17409 This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists wit ... CVE-2020-27865 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP ... CVE-2020-27866 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulne ... CVE-2020-27863 This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 ... CVE-2020-4050 In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in v ... CVE-2018-10841 glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start ... |
