Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287

Raritan PX < 1.5.11 - Unauthenticated Authentication Bypass via Cipher Suite 0

Cisco Small Business SPA300 and SPA500 IP Phones - Unauthenticated Debug Console Access

HP SiteScope 11.1x-11.13 and 11.2x-11.24 - Authentication Bypass

iodine < 0.7.0 - Authentication Bypass via Error Handling

Cherokee <1.2.103 - Auth Bypass

CVE-2014-2005 MEDIUM

Sophos Disk Encryption <5.2.2 - Privilege Escalation

IBM Security Access Manager for Web 8.0 Firmware 8.0.0.0-8.0.0.3 - Authentication Bypass via Local Management Interface

HP Executive Scorecard 9.40-9.41 - Unauthenticated Remote Code Execution via Java Glassfish Admin Console

Cisco NX-OS < 6.2(2a) - Unauthenticated Denial of Service via Malformed HSRP Packets

Dotclear < 2.6.3 - Unauthenticated Authentication Bypass via XML-RPC Empty Password

TYPO3 < 6.2 - Authentication Bypass via Password Hash Knowledge

TYPO3 6.2.0-6.2.2 - Improper Authentication

Citrix VDI-In-A-Box 5.3.x < 5.3.8 and 5.4.x < 5.4.4 - Authentication Bypass via Java Servlet

Cisco Unified Communications Domain Manager < 9.0(1) - Authenticated Information Disclosure via Crafted URL

Moodle <2.3.11-2.6.3 - Info Disclosure

Hanvon FaceID < 1.007.110 - Unauthenticated API Command Execution

RSA NetWitness < 9.8.5.19 & Security Analytics 10.2-10.2.4/10.3.x < 10.3.2 - Auth Bypass via Kerberos PAM

Dovecot 1.1-2.2.12 - Denial of Service via Incomplete SSL/TLS Handshake

Zabbix <2.8.20rc1, <2.0.11rc1, <2.2.2rc1 - Auth Bypass

Foreman < 1.4.2 - Session Fixation via Session ID Cookie

OpenStack Neutron <2013.2.3 - Privilege Escalation

Cisco Adaptive Security Appliance Software - Authenticated Arbitrary File Read via Crafted HTTP URL

Unitrends Enterprise Backup 7.3.0 - Unauthenticated Authentication Bypass via SNMPD Auth Parameter

Festo CECX-X-C1/M1 CoDeSys/SoftMotion - Unauthenticated Config Mod & Log Deletion

Festo CECX-X-C1 and CECX-X-M1 Modular Controllers with CoDeSys - Improper Authentication via Undocumented FTP Access

Previous Page 138 of 175 Next

Details

Vulnerabilities 4,372

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy