Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-294

CWE-294

High likelihood

Authentication Bypass by Capture-replay

Parent: CWE-1390 - Weak Authentication

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

210 vulnerabilities with CWE-294

CVE-2023-39547 HIGH

CLUSTERPRO X <5.1 - Command Injection

CVE-2023-45794 MEDIUM

Mendix 10<10.4.0, Mendix 7<7.23.37, Mendix 8<8.18.27, Mendix 9<9.24...

CVE-2023-36857 MEDIUM

Baker Hughes - Bently Nevada 3500 System TDI Firmware <5.05 - Replay

CVE-2023-41890 HIGH

Sustainsys.Saml2 <1.0.3, <2.9.2 - Info Disclosure

CVE-2023-30909 CRITICAL

HP Oneview < 8.30.01 - Authentication Bypass

CVE-2023-39373 HIGH

Hyundai 2017 Firmware - Authentication Bypass

CVE-2023-20900 HIGH

VMware vSphere <8.0 - Privilege Escalation

CVE-2023-34625 HIGH

Showmojo Mojobox Firmware - Authentication Bypass

CVE-2023-2846 HIGH

Mitsubishi Electric Corporation MELSEC iQ-F Series - Auth Bypass

CVE-2023-34553 MEDIUM

WAFU Keyless Smart Lock v1.0 - Code Injection

CVE-2023-29158 MEDIUM

SUBNET PowerSYSTEM Center <2020 U10 - DoS

CVE-2023-33621 MEDIUM

GL.iNET GL-AR750S-Ext <3.215 - Auth Bypass

CVE-2023-31763 HIGH

AGShome Smart Alarm v1.0 - Info Disclosure

CVE-2023-31762 HIGH

Digoo DG-HAMB Smart Home Security System v1.0 - Code Injection

CVE-2023-31761 HIGH

Blitzwolf BW-IS22 - Code Injection

CVE-2023-31759 HIGH

Kerui W18 Alarm System v1.0 - Code Injection

CVE-2023-33281 MEDIUM

Nissan Sylphy Classic 2021 - Replay Attack

CVE-2023-20123 MEDIUM

Cisco Duo - Info Disclosure

CVE-2023-1886 HIGH

thorsten/phpmyfaq <3.1.12 - Auth Bypass

CVE-2023-1537 CRITICAL

answerdev/answer <1.0.6 - Auth Bypass

CVE-2023-23397 CRITICAL KEV

Microsoft Outlook - Privilege Escalation

CVE-2023-0014 CRITICAL

SAP NetWeaver ABAP Server/ABAP Platform - Info Disclosure

CVE-2023-0036 MEDIUM

OpenHarmony <v3.0.5 - Auth Bypass

CVE-2023-0035 MEDIUM

OpenHarmony <v3.0.5 - Auth Bypass

CVE-2022-46480 HIGH

Ultraloq UL3 2nd Gen Smart Lock <02.27.0012 - Info Disclosure

Previous Page 4 of 9 Next

Details

Vulnerabilities 210

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy