Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

578 vulnerabilities with CWE-290

CVE-2018-5354 HIGH

ANIXIS Password Reset Client <3.22 - RCE

CVE-2018-5353 CRITICAL

Zoho ManageEngine ADSelfService Plus <5.5.5517 - Privilege Escalation

CVE-2018-7842 CRITICAL

Modicon M580, M340, Quantum, and Premium Firmware - Authentication Bypass via Modbus Parameter Brute Force

CVE-2018-15588 HIGH

MailMate < 1.11.3 - Authentication Bypass via Spoofed HTML/MIME Structure

CVE-2018-16483 HIGH

express-cart <=1.1.5 - Unauthenticated Privilege Escalation via User Addition

CVE-2018-15715 CRITICAL

Zoom < 4.1.34814.1119 (Windows), < 4.1.34801.1116 (Mac), <= 2.4.129780.0915 (Linux) - Unauthenticated Message Spoofing

CVE-2018-3829 MEDIUM

Elastic Cloud Enterprise < 1.1.4 - Authentication Bypass via Invalid Roles Token

CVE-2018-8425 MEDIUM

Microsoft Edge - Spoofing via HTML Content Handling

CVE-2018-1695 HIGH

IBM WebSphere App Server <8.5.5 - CSRF

CVE-2018-8388 MEDIUM

Microsoft Edge - Spoofing via Improper HTML Content Handling

CVE-2018-8383 MEDIUM

Microsoft Edge - Spoofing via HTTP Content Parsing

CVE-2018-8278 MEDIUM

Microsoft Edge - Spoofing via HTML Content Handling

CVE-2018-12331 HIGH

ECOS System Management Appliance <5.2.68 - Auth Bypass

CVE-2018-7160 HIGH

Node.js 6.0.0-6.8.0 and 6.9.0-6.13.1 - Remote Code Execution via DNS Rebinding Attack

CVE-2018-8153 MEDIUM

Microsoft Exchange Server - Spoofing via Outlook Web Access Request Handling

CVE-2017-12095 MEDIUM

Circle with Disney Firmware 2.0.1 - Authentication Bypass via Spoofed De-Auth Packets

CVE-2017-18190 HIGH

CUPS < 2.2.2 - Remote IPP Command Execution via DNS Rebinding

CVE-2017-16897 HIGH

Auth0 passport-wsfed-saml2 <3.0.5 - Privilege Escalation

CVE-2017-14487 CRITICAL

OhMiBod Remote < 2.50.37 - Authentication Bypass via Shared Preferences Manipulation

CVE-2017-12096 MEDIUM

Circle with Disney - Info Disclosure

CVE-2017-14375 CRITICAL

EMC Unisphere <8.4.0.15-1.4 - Auth Bypass

CVE-2017-14003 CRITICAL

LAVA ESL <6.01.00-29.03.2007 - Auth Bypass

CVE-2017-11717 HIGH

MetInfo <= 5.3.17 - Authentication Bypass via CAPTCHA Reuse

CVE-2017-8422 HIGH

KDE kdelibs < 4.14.32 and KAuth < 5.34 - Authentication Bypass via CallerID Spoofing

CVE-2017-6405 HIGH

Veritas NetBackup < 8.0 and NetBackup Appliance < 3.0 - Authentication Bypass via DNS Spoofing

Previous Page 23 of 24 Next

Details

Vulnerabilities 578

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy