Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,376 vulnerabilities with CWE-287

Cisco TelePresence Recording Server 1.6.x - Unauthenticated XML-RPC Interface Access

Cisco TelePresence Multipoint Switch Software 1.0.x-1.6.x - Unauthenticated Remote Code Execution

Cisco TelePresence Recording Server and Multipoint Switch - Unauthenticated Remote Code Execution

Cisco TelePresence Manager 1.2.x-1.6.x - Unauthenticated Authentication Bypass via Malformed SOAP Request

F-Secure Internet Gatekeeper for Linux 3.x < 3.03 - Unauthenticated Access Log Exposure via Admin UI Port

Microsoft Windows Server 2008 R2 & Windows 7 - Info Disclosure

Microsoft Windows XP/Server 2003 - Privilege Escalation

IBM Lotus Domino - Authentication Bypass and Remote Code Execution via UNC Share Pathname

Symantec Antivirus Corporate Edition 10.x < 10.1 MR10 - Remote Code Execution via Crafted TCP Messages

Objectivity/DB 10.0 - Unauthenticated Administrative Command Execution via Lock Server or Advanced Multithreaded Server

CVE-2010-2496 MEDIUM

cluster_glue < 1.0.6 and pacemaker < 1.1.3 - Password Exposure via Command Line Parameters

Cisco ASA 5500 <8.3.2 - Info Disclosure

IBM Lotus Mobile Connect < 6.1.4 - Improper Authentication via LTPA Token Persistence

VMware ESXi 4.1 - Improper Authentication via Modified sfcb.cfg

Eucalyptus 2.0.0-2.0.1 - Unauthenticated Privilege Escalation via Password Reset Feature

Pointter PHP Micro-Blogging Social Network 1.8 - Unauthenticated Privilege Escalation via Cookie Manipulation

Pointter PHP Content Management System 1.0 - Unauthenticated Authentication Bypass via Cookie Manipulation

phpMyAdmin < 3.4.0-beta1 - Unauthenticated Sensitive Information Exposure via phpinfo.php

Google Chrome < 8.0.552.214 - Denial of Service via HTTP Proxy Authentication

CVE-2010-4478 CRITICAL

OpenSSH < 5.6 - Unauthenticated Authentication Bypass via J-PAKE Protocol

OpenSSL < 1.0.0c - Improper Authentication via J-PAKE Parameter Validation Bypass

Pandora FMS < 3.1 - Unauthenticated Authentication Bypass via Empty loginhash_pwd

Red Hat Certificate System 7.3 and 8 and Dogtag Certificate System - Unauthenticated SCEP One-Time PIN Disclosure

Camtron CMNC-200 Firmware 1.102A-008 - Unauthenticated Authentication Bypass via Double Slash URI

Apple Mac OS X 10.5.8 and 10.6.x < 10.6.5 - Unauthenticated Authentication Bypass via Disabled Mobile Account

Previous Page 154 of 176 Next

Details

Vulnerabilities 4,376

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy