Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,452 vulnerabilities with CWE-306

CVE-2019-15043 HIGH

Grafana 2.x-6.x < 6.3.4 - Unauthenticated Denial of Service via HTTP API

CVE-2019-15858 HIGH

Woody ad snippets < 2.2.5 - Unauthenticated Options Import

CVE-2019-15819 CRITICAL

nd-restaurant-reservations <1.5 - Info Disclosure

CVE-2019-13406 HIGH

Advan VD-1 Firmware < 230 - Unauthenticated Arbitrary APK Installation via ApkUpload.cgi

CVE-2019-13405 CRITICAL

Advan VD-1 Firmware 230 - Unauthenticated ADB Service Enablement via AdbSetting.cgi

CVE-2019-11063 CRITICAL

ASUS SmartHome < 2.0.22 (iOS) & < 3.0.42_190515 (Android) - Unauthenticated Device Control

CVE-2019-11061 CRITICAL

ASUS HG100 Firmware < 4.00.09 - Unauthenticated IoT Device Control via SmartHome DeviceControl Endpoint

CVE-2019-9935 MEDIUM

Lexmark Products - Privilege Escalation

CVE-2019-9934 MEDIUM

Lexmark - Privilege Escalation

CVE-2019-15506 HIGH

Kaseya VSA < 9.4.0.37 - Unauthenticated Sensitive Information Disclosure

CVE-2019-14511 HIGH

Sphinx Technologies Sphinx 3.1.1 - No Auth

CVE-2019-12634 HIGH

Cisco Integrated Management Controlle... - Missing Authentication

CVE-2019-15129 MEDIUM

Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 - Unauthenticated Arbitrary File Access via Recruitment Module

CVE-2019-15106 CRITICAL

ManageEngine OpManager < 12.4.034 - Unauthenticated Remote Command Execution via Default Credential Bypass

CVE-2019-9585 CRITICAL

eQ-3 Homematic CCU2 <2.47.10 & CCU3 <3.47.10 - Info Disclosure

CVE-2019-14984 HIGH

eQ-3 Homematic CCU2 and CCU3 XML-API < 1.2.0 - Unauthenticated Remote Code Execution via exec.cgi

CVE-2019-13101 CRITICAL

D-Link DIR-600M Firmware 3.02-3.06 - Unauthenticated Information Disclosure and Data Modification via wan.htm

CVE-2019-1895 CRITICAL

Cisco Enterprise NFV Infrastructure Software < 3.12.1 - Unauthenticated VNC Console Session Hijacking

CVE-2019-10198 MEDIUM

Foreman-tasks <0.15.7 - Auth Bypass

CVE-2019-5451 MEDIUM

Nextcloud Android App < 3.6.1 - Unauthenticated Lock Protection Bypass

CVE-2019-3948 HIGH

Amcrest IP2M-841B and Dahua Cameras < 2018-05-18 - Unauthenticated Audio Stream Access via /videotalk Endpoint

CVE-2019-1010136 HIGH

ChinaMobile GPN2.4P21-C-CN W2001EN-00 - Unauthenticated RCE

CVE-2019-13983 CRITICAL

Directus 7 <2.2.2 - Info Disclosure

CVE-2019-10915 HIGH

TIA Administrator < V1.0 SP1 Upd1 - Unauthenticated Critical Function Access

CVE-2019-12468 CRITICAL

MediaWiki 1.27.0-1.32.1 - Incorrect Access Control via Special:ChangeEmail

Previous Page 89 of 99 Next

Details

Vulnerabilities 2,452

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy