Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,453 vulnerabilities with CWE-306

CVE-2017-6044 CRITICAL

Sierra Wireless AirLink Raven XE and XT - Unauthenticated Improper Authorization

CVE-2017-3216 CRITICAL

Greenpacket Ox350 Firmware - Missing Authentication

CVE-2017-3819 HIGH

Cisco ASR 5000/5500/5700 Series Privilege Escalation via SSH/SFTP CLI Injection

CVE-2017-6409 CRITICAL

Veritas NetBackup < 8.0 and NetBackup Appliance < 3.0 - Unauthenticated Inappropriate Access via CORBA Interfaces

CVE-2017-5162 CRITICAL

BINOM3 Universal Multifunctional Electric Power Quality Meter Firmware - Unauthenticated Remote Access to Configuration

CVE-2016-15046 HIGH

Hanwha Smart Security Manager 1.32 and 1.4 - Remote Code Execution via Apache ActiveMQ PUT Method

CVE-2016-15045 HIGH

lastore-daemon <0.9.66-1 - Privilege Escalation

CVE-2016-9496 MEDIUM

Hughes HN7740S DW7000 HN7000S/SM Firmware - Unauthenticated Denial of Service via Reboot Endpoint

CVE-2016-6549 MEDIUM

nutspace nut_mobile - Unauthenticated Bluetooth Pairing

CVE-2016-6544 HIGH

iTrack Easy - Unauthenticated GPS Data Modification via cmd:setothergps Parameter

CVE-2016-6541 HIGH

TrackR Bravo Firmware < 2.2.5 (Android) and < 5.1.6 (iOS) - Unauthenticated Pairing

CVE-2016-6540 MEDIUM

TrackR Bravo Firmware < 2.2.5 (Android) and < 5.1.6 (iOS) - Unauthenticated GPS Data Access via Tracker ID

CVE-2016-10364 MEDIUM

Kibana 5.0.0-5.0.1 - Authenticated Privilege Escalation via Advanced Settings and Short URL Service

CVE-2016-7830 HIGH

Sony PCS-XG100/XG100S/XG100C/XG77/XG77S/XG77C <1.51 & PCS-XC1 <1.22 - Unauthenticated Admin Bypass

CVE-2016-5053 CRITICAL

OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 - Unauthenticated Remote Code Execution via TCP Port 4000

CVE-2016-8355 CRITICAL

Smiths-Medical CADD-Solis Medication Safety Software - Privilege Es...

CVE-2016-9369 CRITICAL

Moxa NPort Series - Unauthenticated Firmware Update Remote Code Execution

CVE-2016-2004 CRITICAL

HPE Data Protector <7.03_108,8.x<8.15,9.x<9.06 - RCE

CVE-2015-10141 CRITICAL

Xdebug < 2.5.5 - Unauthenticated OS Command Injection via Remote Debugger Interface

CVE-2015-5201 HIGH

Red Hat Enterprise Virtualization < 3.5.6 - Unauthenticated Remote Login via VDSM and libvirt

CVE-2015-7559 LOW

Apache ActiveMQ < 5.14.5 - Denial of Service via Remote Shutdown Command

CVE-2015-9030 HIGH

Android - Missing Authentication for Critical Function in Hypervisor API

CVE-2015-2888 CRITICAL

Summer Baby Zoom Wifi Monitor - Auth Bypass

CVE-2014-125113 CRITICAL

Dell KACE K1000 <5.4.76849-5.5.90547 - File Upload

CVE-2014-125126 CRITICAL

Simple E-Document 3.0-3.1 - File Upload

Previous Page 97 of 99 Next

Details

Vulnerabilities 2,453

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy