Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization
Max CVSS
7.5
EPSS Score
0.17%
Published
2017-09-14
Updated
2022-12-21
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.
Max CVSS
4.3
EPSS Score
0.06%
Published
2017-09-14
Updated
2019-10-03
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.
Max CVSS
9.8
EPSS Score
0.28%
Published
2017-11-03
Updated
2017-11-13
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when configuring existing GitHub organization folders. This allowed users with read access to the GitHub organization folder to reconfigure it, including changing the GitHub API endpoint for the organization folder to an attacker-controlled server to obtain the GitHub access token, if the organization folder was initially created using Blue Ocean.
Max CVSS
4.3
EPSS Score
0.05%
Published
2017-10-05
Updated
2019-10-03
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user's authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator's GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name.
Max CVSS
8.5
EPSS Score
0.05%
Published
2017-10-05
Updated
2019-10-03
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
Max CVSS
8.1
EPSS Score
0.45%
Published
2017-07-17
Updated
2019-10-03
TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field.
Max CVSS
7.5
EPSS Score
0.16%
Published
2017-07-17
Updated
2020-08-05
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.
Max CVSS
9.8
EPSS Score
0.28%
Published
2017-07-17
Updated
2017-07-21
SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others."
Max CVSS
10.0
EPSS Score
0.30%
Published
2017-07-17
Updated
2017-08-15
Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter.
Max CVSS
9.8
EPSS Score
0.66%
Published
2017-12-20
Updated
2018-01-12

CVE-2017-17560

Public exploit
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
Max CVSS
10.0
EPSS Score
97.24%
Published
2017-12-12
Updated
2019-05-28
An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request, the safe does not check the PIN code, so an attacker can obtain authorization using any value. Once an attacker sees the Bluetooth Low Energy (BLE) advertisement for the safe, they need only to write a BLE characteristic to enable notifications, and send a crafted getAuthor packet that returns a temporary key, and an unlock packet including that temporary key. The safe then opens after the unlock packet is processed, with no verification of PIN or other credentials.
Max CVSS
8.8
EPSS Score
0.08%
Published
2017-12-07
Updated
2017-12-22
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.
Max CVSS
9.8
EPSS Score
0.50%
Published
2017-12-07
Updated
2019-10-03
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
Max CVSS
7.5
EPSS Score
4.39%
Published
2017-12-01
Updated
2017-12-28
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
Max CVSS
6.5
EPSS Score
0.08%
Published
2017-12-22
Updated
2019-10-09
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
Max CVSS
8.8
EPSS Score
0.22%
Published
2017-12-12
Updated
2018-01-04
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
Max CVSS
9.8
EPSS Score
0.50%
Published
2017-12-12
Updated
2017-12-22

CVE-2017-16651

Known exploited
Public exploit
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.
Max CVSS
7.8
EPSS Score
1.48%
Published
2017-11-09
Updated
2021-03-04
CISA KEV Added
2021-11-03
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
Max CVSS
9.8
EPSS Score
1.22%
Published
2017-11-10
Updated
2017-11-28
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
Max CVSS
9.8
EPSS Score
0.44%
Published
2017-11-21
Updated
2017-12-12
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device.
Max CVSS
10.0
EPSS Score
0.42%
Published
2017-11-17
Updated
2021-04-20
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.
Max CVSS
9.8
EPSS Score
78.51%
Published
2017-11-10
Updated
2019-10-03
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.05%
Published
2017-12-08
Updated
2019-10-09
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993.
Max CVSS
7.5
EPSS Score
0.27%
Published
2017-10-16
Updated
2018-12-10
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.
Max CVSS
10.0
EPSS Score
0.32%
Published
2017-10-16
Updated
2019-10-03
857 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!