Authentication Bypass

Authentication Bypass vulnerabilities allow attackers to circumvent authentication mechanisms and gain unauthorized access to systems or data without valid credentials.

Total CVEs: 17

Typical Severity: CRITICAL

Category: Auth/Session


How to Identify

  • Review security advisories
  • Perform regular security testing

Prevention Best Practices

  • Follow security best practices
  • Keep systems updated

Authentication Bypass CVEs (17)

Description | Vendor / Product | Exploit Status

CVE-2025-13777 (score: 7.2)

This vulnerability allows an attacker to bypass authentication and gain unauthorized access to ABB AWIN GW100 and GW120 devices, potentially letting them control or manipulate the system. To exploit this, the attacker needs to capture valid authentication data and replay it, which could happen if the data is not properly secured during transmission.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Mar 13, 2026 (25 days ago)

CVE-2019-25520 (score: 8.8)

This vulnerability allows attackers to gain full administrative access to the PHP stock news site script without needing a valid username or password. They can exploit this by entering specially crafted input in the login form, which tricks the system into bypassing security checks.

Vendor / Product: jettweb / php stock news site script
Exploit Status: Theoretical
Mar 12, 2026 (26 days ago)

CVE-2019-25515 (score: 8.7)

This vulnerability allows attackers to gain unauthorized access to the administration panel of a PHP stock news site script without needing valid login credentials. They can exploit this by entering specific SQL commands in the username and password fields, making it easy for anyone to take control if they know how to craft the right input.

Vendor / Product: jettweb / php stock news site script
Exploit Status: Exploit Available
Mar 12, 2026 (26 days ago)

CVE-2019-25510 (score: 8.8)

This vulnerability allows attackers to gain unauthorized access to the administration panel of a PHP stock news site script without needing valid login credentials. By exploiting weaknesses in how the script handles login information, attackers can use specially crafted input to bypass security and control the site.

Vendor / Product: jettweb / php stock news site script
Exploit Status: Exploit Available
Mar 12, 2026 (26 days ago)

CVE-2026-0953 (score: 9.8)

This vulnerability allows attackers to log in as any existing user, including administrators, by using a valid OAuth token from their own account and the victim's email address. The issue arises because the plugin does not properly check if the email matches the one linked to the OAuth token, making it easy for unauthenticated users to bypass login security.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Mar 10, 2026 (28 days ago)

CVE-2026-30789 (score: 9.3)

This vulnerability allows an attacker to bypass authentication by reusing session IDs, which means they could gain unauthorized access to a user's account without needing their password. It affects the RustDesk Client versions up to 1.4.5 on multiple platforms, and it requires the attacker to capture a valid session ID from a user.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Mar 5, 2026 (about 1 month ago)

CVE-2026-28536 (score: 8.1)

This vulnerability allows an attacker to bypass authentication on devices running HarmonyOS, potentially giving them unauthorized access to sensitive data and control over the device. To exploit this, the attacker would need to target the device's authentication module, which could lead to serious breaches of privacy and security.

Vendor / Product: huawei / harmonyos
Exploit Status: Theoretical
Mar 5, 2026 (about 1 month ago)

CVE-2026-1241 (score: 8.7)

An attacker can access live video streams from Pelco Sarix Professional 3 Series Cameras without proper login credentials, putting privacy and security at risk. This vulnerability occurs because the camera's web management interface does not properly enforce access controls, allowing unauthorized users to view sensitive footage.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Feb 26, 2026 (about 1 month ago)

CVE-2026-26227 (score: 6.3)

This vulnerability allows an attacker to gain unauthorized access to the Remote Access Server feature in VLC for Android by repeatedly guessing a one-time password (OTP) without being locked out. The attacker needs to be able to reach the server over the network, and if successful, they can access media files that the legitimate user has shared.

Vendor / Product: Unknown
Exploit Status: Theoretical
Feb 26, 2026 (about 1 month ago)

CVE-2026-2624 (score: 9.8)

This vulnerability allows an attacker to bypass authentication on the Antikor Next Generation Firewall, potentially giving them unauthorized access to critical functions of the firewall. It affects versions from 2.0.1298 to just before 2.0.1301, meaning that any system running these versions is at risk if not updated.

Vendor / Product: epati / antikor next generation firewall
Exploit Status: Exploit Available
Feb 25, 2026 (about 1 month ago)

CVE-2025-15586 (score: 10.0)

This vulnerability allows an attacker to bypass authentication and gain access to user accounts without needing the victim's password. It affects specific versions of OGP-Website prior to a certain commit, meaning systems running those versions are at risk if not updated.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Feb 19, 2026 (about 2 months ago)

CVE-2025-13587 (score: 6.5)

This vulnerability allows an attacker to bypass two-factor authentication on WordPress sites using the affected plugin, enabling them to log in without the second verification step. To exploit this, the attacker simply needs to include any value in the 'token' parameter during the login process, which could even be left empty.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Feb 19, 2026 (about 2 months ago)

CVE-2026-1618 (score: 8.8)

This vulnerability allows an attacker to gain higher access privileges in the FlexCity/Kiosk software, potentially letting them control the system without proper authentication. It affects versions before 1.0.36, meaning anyone using an older version is at risk.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Feb 13, 2026 (about 2 months ago)

CVE-2024-1709 (score: 10.0)

This vulnerability allows an attacker to bypass authentication and gain direct access to sensitive information or critical systems in ConnectWise ScreenConnect. It affects versions 23.9.7 and earlier, meaning that if you're using these versions, your system could be at risk.

Vendor / Product: connectwise / screenconnect
Exploit Status: Exploit Available
Feb 21, 2024 (about 2 years ago)

CVE-2022-2368 (score: 9.8)

This vulnerability allows an attacker to bypass authentication and gain unauthorized access to the Microweber application, potentially letting them control the system or access sensitive data. It affects versions prior to 1.2.20, meaning users running older versions are at risk if they haven't updated.

Vendor / Product: microweber / microweber
Exploit Status: Exploit Available
Jul 11, 2022 (over 3 years ago)

CVE-2020-5849 (score: 7.5)

This vulnerability allows an attacker to bypass authentication and gain unauthorized access to the Unraid system. It can be exploited without needing any special conditions, making it a serious risk for users running version 6.8.0.

Vendor / Product: unraid / unraid
Exploit Status: Exploit Available
Mar 16, 2020 (about 6 years ago)

CVE-2019-12749 (score: 7.1)

This vulnerability allows an attacker to trick a system into thinking they are a different user, potentially gaining unauthorized access to sensitive data or functions. To exploit this, the attacker needs write access to their own home directory and can manipulate a specific file to bypass authentication checks.

Vendor / Product: freedesktop / dbus
Exploit Status: Exploit Available
Jun 11, 2019 (almost 7 years ago)