Filtered by vendor
Subscriptions
Total
160 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-13789 | 1 Descor | 1 Infocad Fm | 2024-11-21 | N/A |
An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers. | ||||
CVE-2017-6823 | 1 Fiyo | 1 Fiyo Cms | 2024-11-21 | N/A |
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | ||||
CVE-2017-6034 | 1 Schneider-electric | 2 Modbus, Modbus Firmware | 2024-11-21 | N/A |
An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. | ||||
CVE-2017-5251 | 1 Insteon | 2 Insteon Hub, Insteon Hub Firmware | 2024-11-21 | N/A |
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted. | ||||
CVE-2017-3191 | 2 D-link, Dlink | 4 Dir-130 Firmware, Dir-330 Firmware, Dir-130 and 1 more | 2024-11-21 | N/A |
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials. | ||||
CVE-2017-11786 | 1 Microsoft | 2 Lync, Skype For Business | 2024-11-21 | N/A |
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability." | ||||
CVE-2015-8140 | 1 Ntp | 1 Ntp | 2024-11-21 | N/A |
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. | ||||
CVE-2015-8138 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2024-11-21 | N/A |
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. | ||||
CVE-2015-7973 | 5 Canonical, Freebsd, Netapp and 2 more | 9 Ubuntu Linux, Freebsd, Clustered Data Ontap and 6 more | 2024-11-21 | 6.5 Medium |
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | ||||
CVE-2013-1351 | 1 Veraxsystems | 1 Network Management System | 2024-11-21 | 5.9 Medium |
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. | ||||
CVE-2002-0054 | 1 Microsoft | 2 Exchange Server, Windows 2000 | 2024-11-21 | N/A |
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. | ||||
CVE-2024-36250 | 1 Mattermost | 1 Mattermost Server | 2024-11-14 | 3.1 Low |
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds | ||||
CVE-2024-22066 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2024-11-08 | 7.5 High |
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device. | ||||
CVE-2024-45244 | 1 Hyperledger | 1 Fabric | 2024-10-30 | 5.3 Medium |
Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window. | ||||
CVE-2024-3982 | 2 Hitachi, Hitachienergy | 2 Microscada X Sys600, Microscada X Sys600 | 2024-10-30 | 8.2 High |
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it. | ||||
CVE-2024-46041 | 1 Iothaat | 1 Smart Plug Ih In 16a S | 2024-10-07 | 8.8 High |
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. | ||||
CVE-2024-39081 | 1 Jktyre | 1 Smart Tyre Car \& Bike | 2024-10-01 | 4.2 Medium |
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications. | ||||
CVE-2024-8260 | 3 Microsoft, Openpolicyagent, Redhat | 3 Windows, Open Policy Agent, Openshift Distributed Tracing | 2024-09-19 | 6.1 Medium |
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions. | ||||
CVE-2024-43099 | 1 Automationdirect | 1 H2-dm1e Firmware | 2024-09-14 | 8.8 High |
The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack. | ||||
CVE-2024-38890 | 1 Horizoncloud | 1 Caterease | 2024-08-07 | 8.4 High |
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks. |