Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,376 vulnerabilities with CWE-287

Cisco ASA/PX <7.0.8.3-8.1.1.13 - Auth Bypass

PHP Jabbers Post Comment 3.0 - Unauthenticated Administrative Access via PostCommentsAdmin Cookie

Atomic Photo Album 1.1.0 pre4 - Authentication Bypass via Cookie Manipulation

bbzl.php 0.92 - Unauthenticated Authentication Bypass via phorum_admin_session Cookie

Mantis < 1.1.3 - Session Hijacking via Unset Session Cookie

IBM WebSphere Application Server 6.0.2-6.0.2.30 and 6.1-6.1.0.18 - Improper Certificate Revocation Validation

Elxis CMS 2008.1 revision 2204 - Session Fixation via PHPSESSID Parameter

phpfastnews 1.0.0 - Unauthenticated Authentication Bypass via Cookie Manipulation

PortalApp 4.0 - Unauthenticated Forum and Content Management via forums.asp and content.asp

Linux kernel < 2.6.25.18 - Denial of Service via SCTP INIT-ACK

Microsoft Host Integration Server 2000, 2004, 2006 - Unauthenticated Remote Code Execution via SNA RPC Message

Blue Coat K9 Web Protection 4.0.230 Beta - Unauthenticated Authentication Bypass via JavaScript Disabling

Cisco Unity <4.2.1-5.0.1-7.0.2 - Auth Bypass

Phlatline Personal Information Manager < 1.0 - Unauthenticated Arbitrary Password Change

Libra PHP File Manager < 1.18 - Improper Authentication Bypass via Query String Parameters

Rianxosencabos CMS 0.9 - Unauthenticated Authentication Bypass via Cookie Manipulation

Addalink < 1.0 - Improper Authentication

ezphotogallery 2.1 - Unauthenticated Administrator Account Manipulation via useradmin.php

Apple Mac OS X 10.4.11 - Auth Bypass

Apple Mac OS X 10.5-10.5.4 - Auth Bypass

Stash 1.0.3 - Unauthenticated Authentication Bypass via bsm Cookie

Ruby <1.8.6-p287, <1.8.7-p72, <1.9-r18423 - SSRF

Google Apps - SAML Authentication Impersonation via Missing Request Identifier and Recipient Field

CVE-2008-3738 CRITICAL

SpaceTag LacoodaST <2.1.3 - Info Disclosure

MicroWorld Technologies MailScan <5.6.a - Auth Bypass

Previous Page 167 of 176 Next

Details

Vulnerabilities 4,376

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy