Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,376 vulnerabilities with CWE-287

Desi Short URL Script 1.0 - Auth Bypass

Six Apart Movable Type <4.261 - Auth Bypass

WordPress < 2.8.1 - Unauthenticated Sensitive Information Exposure via Plugin Configuration

CVE-2009-2422 CRITICAL

Ruby on Rails < 2.3.3 - Authentication Bypass via Invalid Username

CVE-2009-2382 CRITICAL

phpMyBlockchecker 1.0.0055 - Auth Bypass

KerviNet Forum < 1.1 - Unauthenticated SQL Injection and Arbitrary Account Deletion via del_user_id Parameter

Netgear DG632 3.4.0_ap - Auth Bypass

Zen Cart <= 1.3.8a - Unauthenticated Arbitrary File Upload via record_company_image Parameter

AWScripts.com Gallery Search Engine 1.5 - Auth Bypass

MIDAS 1.43 - Unauthenticated Authentication Bypass via Admin Cookie

CVE-2009-2168 CRITICAL

EgyPlus 7ammel <1.0.1 - Auth Bypass

TorrentTrader Classic 1.09 - Info Disclosure

phPortal 1.0 - Unauthenticated Authentication Bypass via kulladi Cookie

Mutt 1.5.19 - Improper TLS Certificate Chain Validation

Apple Safari - Improper Authentication via Cached Certificate Spoofing

Google Chrome < 1.0.154.53 - Improper Authentication via Cached Certificate

Opera Browser - Certificate Spoofing via Cached Proxy Response

Microsoft Internet Explorer <8 - Info Disclosure

Opera - Improper Authentication

Opera < 9.22 - Improper Authentication via HTTPS Frame Injection

Apple Safari - Cross-Site Scripting via HTTPS IFrame Script Injection

Firefox < 3.0.9 - Improper Authentication via HTTP-Intended-but-HTTPS-Loadable Pages

Microsoft Internet Explorer 8 - XSS

Opera < 9.25 - Man-in-the-Middle Script Execution via 3xx CONNECT Response

Apple Safari < 3.2.2 - Man-in-the-Middle Script Execution via 3xx CONNECT Response

Previous Page 159 of 176 Next

Details

Vulnerabilities 4,376

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy