Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2012-1799 EPSS 0.02

Siemens Scalance S Firmware < 2.3.0 - Authentication Bypass

The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

CWE-287 Apr 18, 2012

CVE-2012-1808 EPSS 0.01

Koyo H0-ecom - Authentication Bypass

The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors.

CWE-287 Apr 13, 2012

CVE-2012-1806 EPSS 0.00

Koyo H0-ecom - Authentication Bypass

The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack.

CWE-287 Apr 13, 2012

CVE-2012-1840 EPSS 0.01

Ajaxplorer - Authentication Bypass

AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash.

CWE-287 Mar 22, 2012

CVE-2012-1838 EPSS 0.01

Lg-nortel Elo Gs24m Switch - Authentication Bypass

The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page.

CWE-287 Mar 22, 2012

CVE-2012-0400 EPSS 0.01

EMC RSA enVision <4.1.4 - Auth Bypass

EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

CWE-287 Mar 20, 2012

CVE-2012-1256 EPSS 0.00

Easyvista < 2010 - Authentication Bypass

The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php.

CWE-287 Feb 22, 2012

CVE-2012-0240 EPSS 0.01

Advantech Webaccess < 6.0 - Authentication Bypass

GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.

CWE-287 Feb 21, 2012

CVE-2012-0239 EPSS 0.00

Advantech Webaccess < 6.0 - Authentication Bypass

uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.

CWE-287 Feb 21, 2012

CVE-2011-4514 EPSS 0.01

Siemens Wincc Flexible - Authentication Bypass

The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.

CWE-287 Feb 03, 2012

CVE-2011-4508 EPSS 0.00

Siemens Wincc Flexible < v11 - Authentication Bypass

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.

CWE-287 Feb 03, 2012

CVE-2011-3463 EPSS 0.00

Apple Mac OS X 10.7.x <10.7.3 - Privilege Escalation

WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.

CWE-287 Feb 02, 2012

CVE-2012-0931 9.8 CRITICAL EPSS 0.04

Schneider Electric Modicon Quantum PLC - DoS/RCE

Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.

CWE-287 Jan 28, 2012

CVE-2011-3478 2 PoCs Analysis EPSS 0.53

Symantec pcAnywhere <12.5.3 - RCE

The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.

CWE-287 Jan 25, 2012

CVE-2011-5063 EPSS 0.02

Apache Tomcat < 5.5.34 - Authentication Bypass

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

CWE-287 Jan 14, 2012

CVE-2011-5054 EPSS 0.00

KDE Kcheckpass - Authentication Bypass

kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."

CWE-287 Jan 06, 2012

CVE-2011-5053 1 PoC Analysis EPSS 0.26

Wi-fi Wifi Protected Setup Protocol - Authentication Bypass

The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.

CWE-287 Jan 06, 2012

CVE-2011-4644 1 PoC Analysis EPSS 0.05

Splunk < 4.2.5 - Authentication Bypass

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.

CWE-287 Jan 03, 2012

CVE-2011-3667 EPSS 0.00

Bugzilla <4.0.3 - RCE

The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message.

CWE-287 Jan 02, 2012

CVE-2011-3372 EPSS 0.01

Cyrus IMAPd <2.4.12 - Auth Bypass

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

CWE-287 Dec 24, 2011

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps