Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,376 vulnerabilities with CWE-287

Ipswitch WS_FTP Server Manager <6.1.1 - Auth Bypass

IBM Tivoli Provisioning Manager <5.1.1.1 IF0006 - RCE

Asterisk Open Source 1.2.26-1.2.30.3 & Business Edition B.2.3.5-B.2.5.5 - DoS via Realtime IAX2 Auth

Apple Mac OS X Server < 10.5.6 - Podcast Producer Authentication Bypass

scssboard 1.0-1.12 - Unauthenticated Authentication Bypass via current_user[users_level] Parameter

Pro Clan Manager <0.4.2 - Info Disclosure

BandSite CMS 1.1.4 - Unauthenticated Authentication Bypass via login_auth Cookie

Microsoft Office SharePoint Server and Search Server - Improper Authentication and Authorization

Symantec Backup Exec 11.0-12.5 - Authentication Bypass & Arbitrary File Read/Delete

Sun JDK and JRE - Remote Code Execution via Unverified Java Update

Gallery <1.5.10, <1.6-RC3 - Auth Bypass

wportfolio < 0.3 - Unauthenticated Admin Password Change via account_save Action

VideoScript <4.0.1.50 - Auth Bypass

Client Software WinCom LPD Total <3.0.2.623 - Auth Bypass

CCleague Pro 1.2 - Unauthenticated Authentication Bypass via Type Cookie

JSCAPE Secure FTP Applet < 4.8.0 - SSH Host Key Verification Bypass

Easy-script Tlguesbook - Authentication Bypass

Firefox 2.0-2.0.0.17 and 3.0-3.0.3 - Same-Origin Policy Bypass via nsXMLHttpRequest Event Listeners

Microsoft Windows - Remote Code Execution via SMB Credential Reflection

Zeeways PhotoVideoTube < 1.1 - Unauthenticated Authentication Bypass via Direct Admin Request

Graphiks MyForum 1.3 - Unauthenticated Authentication Bypass via Cookie Manipulation

aflog 1.01 - Unauthenticated Authentication Bypass via aflog_auth_a Cookie

tlAds 1.0 - Unauthenticated Authentication Bypass via tlAds_login Cookie

TlNews 2.2 - Unauthenticated Authentication Bypass via tlNews_login Cookie

Sun Integrated Lights-Out Manager 2.0.1.5-2.0.4.26 - Authenticated Denial of Service and Unspecified Impact

Previous Page 166 of 176 Next

Details

Vulnerabilities 4,376

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy