Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2015-5372 EPSS 0.00

AdNovum nevisAuth <4.18.3.1 - Info Disclosure

The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate.

CWE-287 Sep 28, 2015

CVE-2015-6280 EPSS 0.01

Cisco Ios - Authentication Bypass

The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013.

CWE-287 Sep 28, 2015

CVE-2015-5998 EPSS 0.01

Impero Education Pro <5105 - RCE

Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command.

CWE-287 Sep 14, 2015

CVE-2014-9605 1 PoC Analysis EPSS 0.09

Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass

WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate.

CWE-287 Sep 04, 2015

CVE-2015-6266 EPSS 0.00

Cisco Identity Services Engine Software - Authentication Bypass

The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.

CWE-287 Aug 28, 2015

CVE-2014-3612 EPSS 0.01

Apache Activemq < 5.10.1 - Authentication Bypass

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames.

CWE-287 Aug 24, 2015

CVE-2015-3775 EPSS 0.00

Apple OS X <10.10.5 - Privilege Escalation

Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.

CWE-287 Aug 16, 2015

CVE-2015-1486 2 PoCs Analysis EPSS 0.79

Symantec Endpoint Protection Manager <12.1-RU6-MP1 - Auth Bypass

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.

CWE-287 Aug 01, 2015

CVE-2015-2978 EPSS 0.01

Webservice-DIC yoyaku_v41 - Auth Bypass

Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

CWE-287 Jul 29, 2015

CVE-2015-4453 EPSS 0.41

Open-emr Openemr - Authentication Bypass

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.

CWE-287 Jul 05, 2015

CVE-2015-1330 EPSS 0.00

unattended-upgrades <0.86.1 - Man-in-the-Middle

unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.

CWE-287 Jul 01, 2015

CVE-2014-4882 EPSS 0.01

Aptexx Resident Anywhere - Info Disclosure

Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request.

CWE-287 Jun 23, 2015

CVE-2015-3457 EPSS 0.09

Magento CE/EE <1.9.1.0-1.14.1.0 - Auth Bypass

Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter.

CWE-287 Apr 29, 2015

CVE-2015-2117 EPSS 0.10

HP Tippingpoint Security Management System - Authentication Bypass

HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code by (1) uploading this code within an archive or (2) instantiating a class.

CWE-287 Apr 27, 2015

CVE-2015-2823 EPSS 0.00

Siemens Wincc < 13.0 - Authentication Bypass

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.

CWE-287 Apr 08, 2015

CVE-2015-0198 EPSS 0.01

IBM General Parallel File System - Authentication Bypass

IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors.

CWE-287 Mar 24, 2015

CVE-2015-0670 EPSS 0.00

Cisco Spa500 Firmware - Authentication Bypass

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.

CWE-287 Mar 21, 2015

CVE-2015-0653 EPSS 0.08

Cisco Expressway Software < x7.2.4 - Authentication Bypass

The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556.

CWE-287 Mar 13, 2015

CVE-2015-0607 EPSS 0.00

Cisco Ios - Authentication Bypass

The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.

CWE-287 Mar 06, 2015

CVE-2015-2047 EPSS 0.01

Typo3 - Authentication Bypass

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

CWE-287 Feb 23, 2015

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps