Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3.
Max CVSS
9.8
EPSS Score
0.19%
Published
2018-12-20
Updated
2019-01-09
log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. This attack appear to be exploitable via Malicious unprivileged user executes the vulnerable binary/(remote) environment variable manipulation similar shell-shock also possible.
Max CVSS
9.0
EPSS Score
0.08%
Published
2018-12-20
Updated
2020-06-24
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.
Max CVSS
9.8
EPSS Score
1.31%
Published
2018-08-20
Updated
2019-10-03
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).
Max CVSS
8.1
EPSS Score
0.46%
Published
2018-12-24
Updated
2019-10-03
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes.
Max CVSS
8.8
EPSS Score
0.10%
Published
2018-12-21
Updated
2019-10-03
An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account.
Max CVSS
8.8
EPSS Score
0.10%
Published
2018-12-04
Updated
2019-10-03
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.
Max CVSS
8.1
EPSS Score
2.16%
Published
2018-12-26
Updated
2020-08-24
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP).
Max CVSS
9.8
EPSS Score
0.66%
Published
2018-11-07
Updated
2018-12-11

CVE-2018-18556

Public exploit
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spawn an attacker-controlled shell with root privileges.
Max CVSS
9.9
EPSS Score
3.60%
Published
2018-12-17
Updated
2023-01-20
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
Max CVSS
8.8
EPSS Score
0.09%
Published
2018-10-19
Updated
2019-10-03
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
Max CVSS
8.8
EPSS Score
0.10%
Published
2018-10-19
Updated
2019-10-03
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.
Max CVSS
9.8
EPSS Score
0.25%
Published
2018-10-16
Updated
2019-01-18
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.
Max CVSS
9.0
EPSS Score
0.10%
Published
2018-10-29
Updated
2019-10-03
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
Max CVSS
9.3
EPSS Score
0.22%
Published
2018-11-27
Updated
2019-10-09
VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot.
Max CVSS
8.8
EPSS Score
0.10%
Published
2018-10-30
Updated
2019-10-09
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction.
Max CVSS
8.8
EPSS Score
0.15%
Published
2018-10-24
Updated
2020-09-18
Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.
Max CVSS
9.8
EPSS Score
0.28%
Published
2018-11-02
Updated
2019-10-09
On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.97%
Published
2018-10-02
Updated
2023-04-26
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have access to the router control panel with administrator privileges.
Max CVSS
9.8
EPSS Score
0.29%
Published
2018-12-18
Updated
2021-04-23
BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.
Max CVSS
8.1
EPSS Score
0.34%
Published
2018-09-23
Updated
2018-11-21

CVE-2018-17153

Public exploit
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
Max CVSS
10.0
EPSS Score
81.61%
Published
2018-09-18
Updated
2023-07-28
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.
Max CVSS
9.8
EPSS Score
0.67%
Published
2018-09-12
Updated
2019-10-03
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Max CVSS
8.0
EPSS Score
0.06%
Published
2018-12-18
Updated
2023-08-11
FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication.
Max CVSS
10.0
EPSS Score
1.69%
Published
2018-09-06
Updated
2018-11-14
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.
Max CVSS
8.1
EPSS Score
0.07%
Published
2018-10-30
Updated
2019-10-09
363 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!