I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any user gaining unauthorized access (read, write and delete) to project discussions.
Max CVSS
9.1
EPSS Score
0.15%
Published
2018-03-23
Updated
2019-10-03
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud.
Max CVSS
9.8
EPSS Score
1.83%
Published
2018-03-30
Updated
2019-05-28
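The My Cloud entry above is a reminder that a session token is a secret wherever it is stored, not only in the cookie header. The following added example (Python written for this page, not Western Digital's code) contrasts a per-session cache file named after the raw cookie value with one named by an HMAC of that value under a server-side key. The session id, file prefix and `server_key` are constructed for the example; the key is assumed to be a per-install secret kept outside the web root.

```python
import hashlib
import hmac
import os
import secrets
import tempfile

# Constructed sample session id; not a real My Cloud token.
SESSION_ID = "9f3a8c1e7b2d4f6a0c5e1d2b3a4f5e6d"
PREFIX, SUFFIX = "cache_", ".dat"


def vulnerable_cache_path(cache_dir: str, session_id: str) -> str:
    """Embeds the raw cookie value in the file name. Anyone who can list
    cache_dir (directory indexing, path traversal, a shared host) now holds
    a live session id."""
    return os.path.join(cache_dir, f"{PREFIX}{session_id}{SUFFIX}")


def hardened_cache_path(cache_dir: str, session_id: str, server_key: bytes) -> str:
    """Derives the name with HMAC-SHA256 under a server-side key. The server
    can still recompute it from the cookie, but a directory listing reveals
    only a keyed digest that cannot be turned back into the token."""
    digest = hmac.new(server_key, session_id.encode(), hashlib.sha256).hexdigest()
    return os.path.join(cache_dir, f"{PREFIX}{digest[:32]}{SUFFIX}")


def tokens_leaked_by_listing(cache_dir: str) -> list:
    """The attacker's step: list the directory and keep whatever sits between
    the known prefix and suffix."""
    return [name[len(PREFIX):-len(SUFFIX)] for name in sorted(os.listdir(cache_dir))
            if name.startswith(PREFIX) and name.endswith(SUFFIX)]


def demo() -> dict:
    """Writes one per-session file under each scheme, lists both directories
    and reports what an attacker would learn. server_key is assumed to be a
    per-install secret stored outside the web root."""
    server_key = secrets.token_bytes(32)
    with tempfile.TemporaryDirectory() as vuln_dir, tempfile.TemporaryDirectory() as hard_dir:
        for path in (vulnerable_cache_path(vuln_dir, SESSION_ID),
                     hardened_cache_path(hard_dir, SESSION_ID, server_key)):
            with open(path, "w") as fh:
                fh.write("per-session cached data")
        vuln_leaks = tokens_leaked_by_listing(vuln_dir)
        hard_leaks = tokens_leaked_by_listing(hard_dir)
        # The legitimate server still finds its own file from the cookie value.
        lookup_ok = os.path.exists(hardened_cache_path(hard_dir, SESSION_ID, server_key))
    return {
        "vulnerable_leaks": vuln_leaks,
        "hardened_leaks": hard_leaks,
        "hardened_reveals_token": any(SESSION_ID in n for n in hard_leaks),
        "hardened_lookup_works": lookup_ok,
    }


if __name__ == "__main__":
    print(demo())
```

Keying the derivation matters: a plain `sha256(session_id)` would stop a casual listing from reading the token, but an attacker who later obtains a candidate token could confirm it against the file names. With the HMAC, nothing in the listing is checkable without the server key.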
NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool's implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main application. Unfortunately this XPC service is not protected, which allows arbitrary applications to connect and send it XPC messages. An attacker can send a crafted XPC message to the privileged helper tool requesting it make a new OpenVPN connection. Because he or she controls the contents of the XPC message, the attacker can specify the location of the openvpn executable, which could point to something malicious they control located on disk. Without validation of the openvpn executable, this will give the attacker code execution in the context of the privileged helper tool.
Max CVSS
9.0
EPSS Score
0.18%
Published
2018-03-27
Updated
2020-05-11
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.
Max CVSS
9.8
EPSS Score
92.58%
Published
2018-03-27
Updated
2021-04-23
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
Max CVSS
8.1
EPSS Score
0.93%
Published
2018-03-15
Updated
2020-02-17
A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the "shortcode" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive.
Max CVSS
9.8
EPSS Score
1.18%
Published
2018-03-14
Updated
2019-10-03
Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.
Max CVSS
9.8
EPSS Score
61.03%
Published
2018-03-14
Updated
2019-02-28
CVE-2018-7750 (public exploit available)
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Max CVSS
9.8
EPSS Score
6.63%
Published
2018-03-13
Updated
2022-04-18
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
Max CVSS
9.8
EPSS Score
0.34%
Published
2018-03-12
Updated
2019-03-04
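The Paramiko and AsyncSSH entries above are the same bug in two code bases: the server dispatched connection-layer messages (channel open and friends) without first asking whether user authentication had finished. The following added example is a toy server-side dispatcher written for this page, not either project's code; the message numbers are the real ones from RFC 4253, 4252 and 4254, while the password check, the `gate_on_auth` switch and the two scripted clients are constructed for the demonstration. Key exchange is assumed to be already complete.

```python
import secrets
from typing import List, Optional, Tuple

# Message numbers from RFC 4253 (transport), RFC 4252 (userauth) and RFC 4254 (connection).
SSH_MSG_DISCONNECT = 1
SSH_MSG_IGNORE = 2
SSH_MSG_UNIMPLEMENTED = 3
SSH_MSG_DEBUG = 4
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_SERVICE_ACCEPT = 6
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91

# The only messages a server should act on before it has sent USERAUTH_SUCCESS.
PRE_AUTH_ALLOWED = {SSH_MSG_DISCONNECT, SSH_MSG_IGNORE, SSH_MSG_UNIMPLEMENTED,
                    SSH_MSG_DEBUG, SSH_MSG_SERVICE_REQUEST, SSH_MSG_USERAUTH_REQUEST}


class ServerTransport:
    """Toy post-key-exchange dispatcher for the server side (not Paramiko's or
    AsyncSSH's code). gate_on_auth=False reproduces the bug, True the fix."""

    def __init__(self, password: str, gate_on_auth: bool):
        self.password = password          # constructed single-user credential
        self.gate_on_auth = gate_on_auth
        self.authenticated = False
        self.disconnected = False
        self.open_channels: List[str] = []

    def handle(self, msg_type: int, payload: Optional[str] = None) -> int:
        """Processes one inbound message and returns the reply message number."""
        if self.disconnected:
            return SSH_MSG_DISCONNECT
        # The fix: anything outside the pre-auth set is a protocol violation
        # until authentication has completed, so the connection is dropped.
        if self.gate_on_auth and not self.authenticated and msg_type not in PRE_AUTH_ALLOWED:
            self.disconnected = True
            return SSH_MSG_DISCONNECT
        if msg_type == SSH_MSG_SERVICE_REQUEST:
            return SSH_MSG_SERVICE_ACCEPT
        if msg_type == SSH_MSG_USERAUTH_REQUEST:
            if payload is not None and secrets.compare_digest(payload, self.password):
                self.authenticated = True
                return SSH_MSG_USERAUTH_SUCCESS
            return SSH_MSG_USERAUTH_FAILURE
        if msg_type == SSH_MSG_CHANNEL_OPEN:
            # In a real server a "session" channel is where shell/exec requests land,
            # so reaching this point unauthenticated is full compromise.
            self.open_channels.append(payload or "session")
            return SSH_MSG_CHANNEL_OPEN_CONFIRMATION
        return SSH_MSG_UNIMPLEMENTED


def run_client(server: ServerTransport, script: List[Tuple[int, str]]) -> List[int]:
    """Feeds a scripted client's messages to the server and collects the replies."""
    return [server.handle(msg_type, payload) for msg_type, payload in script]


# Constructed client scripts. The first is the customised client the advisories
# describe: it never sends SSH_MSG_USERAUTH_REQUEST at all.
SKIP_AUTH_CLIENT = [(SSH_MSG_SERVICE_REQUEST, "ssh-connection"),
                    (SSH_MSG_CHANNEL_OPEN, "session")]
HONEST_CLIENT = [(SSH_MSG_SERVICE_REQUEST, "ssh-userauth"),
                 (SSH_MSG_USERAUTH_REQUEST, "correct horse"),
                 (SSH_MSG_CHANNEL_OPEN, "session")]

if __name__ == "__main__":
    for gate in (False, True):
        srv = ServerTransport("correct horse", gate_on_auth=gate)
        print("gate_on_auth", gate, run_client(srv, SKIP_AUTH_CLIENT), srv.open_channels)
```

The gate lives in one place, ahead of the per-message handlers, rather than being repeated in each handler; that is what makes it hard to forget for the next message type that gets added.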
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation.
Max CVSS
7.5
EPSS Score
3.60%
Published
2018-03-07
Updated
2021-09-09
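The D-Link DIR-850L, Datalust Seq and Cobub Razor entries above share a root cause: each handler was left to decide for itself whether to require a session, and one of them did not. The following added example (Python written for this page, not any of the three vendors' code) models that per-handler pattern beside a deny-by-default dispatcher in which a route is unreachable unless it is explicitly public or carries a role requirement, and installer routes are closed once installation is complete. The route strings and the Seq payload come from the advisories; the request object, role ranking and `STATE` store are constructed for the example.

```python
import json
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

Response = Tuple[int, str]


@dataclass
class Request:
    method: str
    path: str
    body: str = ""
    session_user: Optional[str] = None   # None: no valid session cookie presented
    session_role: Optional[str] = None


# Constructed application state standing in for each product's settings store.
STATE: Dict = {}


def reset_state() -> None:
    STATE.clear()
    STATE.update({"settings": {"isauthenticationenabled": True}, "users": {}, "installed": True})


def update_setting(req: Request) -> Response:
    payload = json.loads(req.body)   # e.g. {"Name":"isauthenticationenabled","Value":false}
    STATE["settings"][payload["Name"].lower()] = payload["Value"]
    return 200, "setting updated"


def create_user(req: Request) -> Response:
    payload = json.loads(req.body)
    STATE["users"][payload["username"]] = payload["role"]
    return 201, "user created"


def folder_view(req: Request) -> Response:
    return 200, "<SharePort folder listing>"


def login_page(req: Request) -> Response:
    return 200, "<login form>"


ROUTES: Dict[Tuple[str, str], Callable[[Request], Response]] = {
    ("GET", "/login"): login_page,
    ("GET", "/folder_view.php"): folder_view,
    ("PUT", "/api/settings/setting-isauthenticationenabled"): update_setting,
    ("POST", "/index.php?/install/installation/createuserinfo"): create_user,
}


def dispatch_vulnerable(req: Request) -> Response:
    """Each handler is trusted to check the session itself; these three never do."""
    handler = ROUTES.get((req.method, req.path))
    return handler(req) if handler else (404, "not found")


# Hardened policy: deny by default. Only listed routes are public, everything
# else needs a session with at least the listed role, and installer routes
# stop existing once setup has completed.
PUBLIC = {("GET", "/login")}
INSTALLER_ROUTES = {("POST", "/index.php?/install/installation/createuserinfo")}
REQUIRED_ROLE = {
    ("GET", "/folder_view.php"): "user",
    ("PUT", "/api/settings/setting-isauthenticationenabled"): "admin",
}
RANK = {"user": 1, "admin": 2}


def dispatch_hardened(req: Request) -> Response:
    key = (req.method, req.path)
    handler = ROUTES.get(key)
    if handler is None:
        return 404, "not found"
    if key in INSTALLER_ROUTES:
        return handler(req) if not STATE["installed"] else (403, "installer disabled after installation")
    if key in PUBLIC:
        return handler(req)
    if req.session_user is None:
        return 401, "authentication required"
    needed = REQUIRED_ROLE.get(key)
    if needed is None or RANK.get(req.session_role, 0) < RANK[needed]:
        return 403, "forbidden"   # a route with no recorded policy is denied, not allowed
    return handler(req)


if __name__ == "__main__":
    reset_state()
    bypass = Request("PUT", "/api/settings/setting-isauthenticationenabled",
                     '{"Name":"isauthenticationenabled","Value":false}')
    print("vulnerable:", dispatch_vulnerable(bypass), STATE["settings"])
    reset_state()
    print("hardened:", dispatch_hardened(bypass), STATE["settings"])
```

The `needed is None` branch is the part worth copying: a new route that nobody has assigned a policy to fails closed, which is the opposite of the per-handler pattern, where a forgotten check fails open.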
Missing-authentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.
Max CVSS
9.8
EPSS Score
78.00%
Published
2018-03-22
Updated
2019-10-09
An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords.
Max CVSS
9.8
EPSS Score
15.85%
Published
2018-03-22
Updated
2020-10-02
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67: /login/bin/set_param requires no authentication, so an attacker could use it to enable the SSH service.
Max CVSS
8.1
EPSS Score
0.15%
Published
2018-03-09
Updated
2022-02-02
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges.
Max CVSS
9.8
EPSS Score
0.44%
Published
2018-03-09
Updated
2022-02-02
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated attacker to retrieve specially crafted URLs that reveal sensitive information.
Max CVSS
5.3
EPSS Score
0.08%
Published
2018-03-09
Updated
2022-02-02
The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured.
Max CVSS
9.8
EPSS Score
0.31%
Published
2018-03-11
Updated
2020-08-24
CVE-2018-6328 (public exploit available)
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.
Max CVSS
9.8
EPSS Score
2.08%
Published
2018-03-14
Updated
2021-12-06
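The NordVPN helper entry earlier on this page and the Unitrends entry above are two ends of the same failure: a privileged component executes something shaped by its caller, either the path of the binary (NordVPN) or a parameter spliced into a shell command line (the backquotes in /api/hosts). The following added example is Python written for this page, not either vendor's code. It shows the injectable pattern next to a hardened version that validates the host name against RFC 1123 syntax, passes argv as a list so no shell parses it, and refuses to execute any binary that does not resolve into a trusted directory with safe permissions. `echo` stands in for the real probe tool, and `TRUSTED_DIRS` is an assumption to be tuned per platform.

```python
import os
import re
import shutil
import stat
import subprocess
import tempfile

# RFC 1123 host name syntax: no shell metacharacters can get through this.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

# Where a privileged helper may execute from (assumption; tune per platform).
TRUSTED_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin")

# Stand-in for a real probe tool; the point is the argument handling, not the tool.
ECHO = shutil.which("echo") or "/bin/echo"


def vulnerable_add_host(hostname: str) -> str:
    """Models the Unitrends bug: the request parameter is spliced into a shell
    command string, so `...` inside it is executed by /bin/sh."""
    proc = subprocess.run(f"{ECHO} probing {hostname}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def host_name_is_valid(hostname: str) -> bool:
    return HOSTNAME_RE.match(hostname) is not None


def executable_is_trusted(path: str) -> bool:
    """Models the check the NordVPN helper lacked: refuse to exec anything the
    caller can point at. Requires an absolute path resolving into a trusted
    directory, a regular file, and no group/other write permission. A
    production helper would also require root ownership and pin a hash."""
    if not os.path.isabs(path):
        return False
    real = os.path.realpath(path)
    if not any(real.startswith(d + os.sep) for d in TRUSTED_DIRS):
        return False
    try:
        st = os.stat(real)
    except OSError:
        return False
    if not stat.S_ISREG(st.st_mode):
        return False
    return not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)


def hardened_add_host(hostname: str, tool_path: str = ECHO) -> str:
    """Validates the data, validates the executable, and passes argv as a list
    so no shell ever parses the host name."""
    if not host_name_is_valid(hostname):
        raise ValueError(f"rejected host name {hostname!r}")
    if not executable_is_trusted(tool_path):
        raise PermissionError(f"refusing to execute {tool_path!r}")
    proc = subprocess.run([tool_path, "probing", hostname],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def untrusted_executable_example() -> bool:
    """Creates a world-writable script outside TRUSTED_DIRS, the kind of path an
    attacker would hand to the helper, and reports whether it would be run."""
    fd, fake = tempfile.mkstemp(prefix="fake-openvpn-")
    with os.fdopen(fd, "w") as fh:
        fh.write("#!/bin/sh\necho pwned\n")
    os.chmod(fake, 0o777)
    try:
        return executable_is_trusted(fake)
    finally:
        os.unlink(fake)


if __name__ == "__main__":
    print(vulnerable_add_host("x`echo INJECTED`"), end="")
    print(hardened_add_host("host.example.com"), end="")
    print("fake openvpn trusted:", untrusted_executable_example())
```

Validating the host name and dropping `shell=True` each close the injection on their own; doing both means a future change that loosens one check does not silently reopen it. The executable check addresses a different caller-controlled input and is the part a helper that accepts a path over XPC or a socket must not skip.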
Authentication bypass in Hanwha Techwin Smartcams
Max CVSS
9.8
EPSS Score
0.28%
Published
2018-03-13
Updated
2018-04-09
Unsecured way of firmware update in Hanwha Techwin Smartcams
Max CVSS
9.8
EPSS Score
0.29%
Published
2018-03-13
Updated
2018-04-09
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure Windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.78%
Published
2018-03-26
Updated
2019-10-09
Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.78%
Published
2018-03-26
Updated
2019-10-09
Philips IntelliSpace Portal all versions of 8.0.x and 7.0.x have a self-signed SSL certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information.
Max CVSS
7.5
EPSS Score
0.15%
Published
2018-03-26
Updated
2019-10-09
Philips IntelliSpace Portal all versions of 8.0.x and 7.0.x have an untrusted SSL certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information.
Max CVSS
7.5
EPSS Score
0.15%
Published
2018-03-26
Updated
2019-10-09
Philips IntelliSpace Portal all versions of 8.0.x and 7.0.x have an SSL incorrect hostname certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information.
Max CVSS
7.5
EPSS Score
0.15%
Published
2018-03-26
Updated
2019-10-09
Philips IntelliSpace Portal all versions of 8.0.x and 7.0.x use legacy SSL encryption, which could allow an attacker to gain unauthorized access to resources and information.
Max CVSS
7.5
EPSS Score
0.15%
Published
2018-03-26
Updated
2019-10-09