Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,452 vulnerabilities with CWE-306

CVE-2019-10046 MEDIUM

Pydio 8.2.2 - Unauthenticated Information Disclosure

CVE-2019-9871 CRITICAL

Jector FM-K75 Firmware - Unauthenticated Remote Code Execution via ADB Port

CVE-2019-12500 MEDIUM

Xiaomi M365 Scooter < 1.5.1 - Unauthenticated Critical Command Spoofing via Bluetooth Low Energy

CVE-2019-6958 CRITICAL

Bosch Video Management System <9.0 - Unauthenticated RCE

CVE-2019-12289 CRITICAL

VStarcam C7824WIP and C38S Firmware - Unauthenticated Remote Command Execution via Firmware Update

CVE-2019-12288 CRITICAL

VStarcam 100T/200V - Unauthenticated RCE

CVE-2019-6808 CRITICAL

Modicon Premium, Quantum, M340, M580 Firmware - Unauthenticated Remote Code Execution via Modbus Configuration Overwrite

CVE-2019-6820 HIGH

Schneider Electric Modicon and PacDrive Firmware - Unauthenticated IP Configuration Modification via Ethernet Frame

CVE-2019-10922 CRITICAL

SIMATIC PCS 7 < 8.0 and SIMATIC WinCC < 7.2 - Unauthenticated Remote Code Execution

CVE-2019-10919 CRITICAL

Siemens LOGO! 8 BM Firmware < 8.3 - Unauthenticated Device Reconfiguration and Project File Exposure via Port 10005/tcp

CVE-2019-9727 HIGH

eQ-3 AG Homematic CCU3 <3.43.15 - Info Disclosure

CVE-2019-7404 HIGH

LG GAMP-7100,GAPM-7200,GAPM-8000 - Info Disclosure

CVE-2019-5014 MEDIUM

Winco Fireworks FireFly FW-1007 V2.0 - Info Disclosure

CVE-2019-7564 CRITICAL

Shenzhen Coship WM3300 WiFi Router 5.0.0.55 - Auth Bypass

CVE-2019-10950 CRITICAL

Fujifilm CR-IR 357 FCR Carbon X/FCR XC-2/FCR Capsula X - Unauthenticated OS Access via Insecure Telnet Service

CVE-2019-8993 CRITICAL

TIBCO ActiveMatrix BPM <= 4.2.0 - Unauthenticated Credential Disclosure via Administrative Web Server

CVE-2019-7727 CRITICAL

NICE Engage < 6.5 - Unauthenticated Remote Code Execution via JMX/RMI Interface

CVE-2019-3899 CRITICAL

Openshift Container Platform 3.11 - Unauthenticated Heketi Management Interface Exposure

CVE-2019-10886 MEDIUM

Sony Photo Sharing Plus < pkg6.5629 - Unauthenticated Arbitrary File Read

CVE-2019-11321 MEDIUM

Motorola CX2 <1.01 - Info Disclosure

CVE-2019-1654 HIGH

Cisco AP-COS < 8.3.150.0 - Authenticated Missing Authentication for Critical Function via CLI Input

CVE-2019-9974 CRITICAL

DASAN H660RM Firmware 1.03-0022 - Unauthenticated Command Execution via diag_tool.cgi

CVE-2019-10946 HIGH

Joomla! < 3.9.4 - Unauthenticated Critical Function Access via Helpsites Refresh Endpoint

CVE-2019-3941 HIGH

Advantech WebAccess 8.3.4 - Unauthenticated Arbitrary File Deletion via IOCTL 10005 RPC

CVE-2019-5514 HIGH

VMware Fusion 11.0.0-11.0.2 - Unauthenticated Remote Code Execution via WebSocket API

Previous Page 91 of 99 Next

Details

Vulnerabilities 2,452

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy