Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,451 vulnerabilities with CWE-306

CVE-2020-19419 HIGH

Emerson Smart Wireless Gateway 1420 Firmware 4.6.59 - Unauthenticated Sensitive Information Exposure

CVE-2020-27225 HIGH

Eclipse Platform <4.18 - Info Disclosure

CVE-2020-36245 HIGH

GramAddict < 1.2.3 - Unauthenticated Remote Code Execution via UIAutomator2 and ATX-Agent

CVE-2020-26192 HIGH

Dell EMC PowerScale OneFS 8.2.0-9.1.0 - Privilege Escalation via ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH

CVE-2020-15798 CRITICAL

SIMATIC HMI Comfort Panels and KTP Mobile Panels < V16 Update 3a - Unauthenticated Remote Access via Telnet

CVE-2020-10537 HIGH

epikur < 20.1.1 - Unauthenticated Administrator Access via Glassfish Default Configuration

CVE-2020-14245 CRITICAL

HCL OneTest UI 9.5, 10.0, 10.1 - Missing Authentication for Critical Function

CVE-2020-29165 CRITICAL

PacsOne Server < 7.1.1 - Unauthenticated Privilege Escalation to Administrator

CVE-2020-15834 HIGH

Mofi Network MOFI4500-4GXeLTE 4.1.5-std - Unauthenticated Wireless Password Exposure via QR Code Download

CVE-2020-13856 HIGH

MOFI4500-4GXeLTE Firmware 4.0.8-std - Unauthenticated Sensitive Information Exposure via Support File Download

CVE-2020-23448 CRITICAL

newbee-mall - Unauthenticated Privilege Escalation via AdminLoginInterceptor Bypass

CVE-2020-4958 CRITICAL

IBM Security Identity Governance and Intelligence 5.2.6 - Missing Authentication for Critical Function

CVE-2020-9143 MEDIUM

Huawei EMUI and Magic UI - Missing Authentication for Critical Function

CVE-2020-15799 MEDIUM

SCALANCE X-200 and X-200IRT Switch Families < V5.5.0 - Unauthenticated Denial of Service via Web Server URL

CVE-2020-5022 MEDIUM

IBM Spectrum Protect Plus 10.1.0-10.1.6 - Unauthenticated Information Disclosure via VDAP Proxy

CVE-2020-27285 CRITICAL

Crimson <3.1-3119.001 - Info Disclosure

CVE-2020-35951 CRITICAL

Quiz and Survey Master < 7.0.1 - Unauthenticated Arbitrary File Deletion via qsm_remove_file_fd_question

CVE-2020-10148 CRITICAL KEV

SolarWinds Orion Platform 2019.4 HF 5, 2020.2, 2020.2 HF 1 - Unauthenticated API Authentication Bypass

CVE-2020-9208 MEDIUM

iManager NetEco 6000 V600R021C00 - Unauthenticated Information Disclosure

CVE-2020-29551 CRITICAL

URVE Build 24.03.2020 - Unauthenticated System Shutdown via _internal/pc/shutdown.php

CVE-2020-24580 HIGH

D-Link DSL-2888A <AU_2.31_V1.1.47ae55 - Info Disclosure

CVE-2020-26173 LOW

Tangro Business Workflow < 1.18.1 - Unauthenticated Document Download via Valid Document ID and Token

CVE-2020-35197 CRITICAL

Memcached Docker <1.5.11-alpine - Privilege Escalation

CVE-2020-35196 CRITICAL

RabbitMQ Docker Image < 3.7.13-beta.1-management-alpine - Blank Root Password

CVE-2020-35195 CRITICAL

Haproxy Docker <1.8.18-alpine - Privilege Escalation

Previous Page 75 of 99 Next

Details

Vulnerabilities 2,451

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy