The Progress Telerik Report Server 2024 Q1 version 10.0.24.305 and earlier allows attackers to bypass authentication. This vulnerability has been assigned CVE-2024-4358.
An authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager API allows unauthorized access to a selected account. By exploiting this vulnerability, an attacker can add an SSH key to the authorized_keys file of the chosen account, enabling them to log in to the system with that account. Successful exploitation can lead to remote code execution.
The compop.ca restaurant management system version 3.5.3 is susceptible to arbitrary code execution due to an insecure authentication implementation that relies on a Unix timestamp parameter ('ts') in the URL. Because this parameter is not protected by proper authentication controls, attackers can manipulate it to bypass the check.
The Netman 204 device is vulnerable to unauthorized access and command injection. Attackers can exploit this vulnerability to execute remote commands without authentication. By using specific URLs, attackers can access different panels with default or backdoor credentials, allowing them to view critical information and perform actions without proper authorization.
The exploit abuses an authentication bypass vulnerability in Really Simple Security < 9.1.2 that allows unauthenticated attackers to log in to the site as any existing user, including administrators. The vulnerability is present only when the 'Two-Factor Authentication' setting is enabled. The tool is designed for security assessments and should be used responsibly.
The Intelight X-1L traffic controller running Maxtime 1.9.6 allows remote attackers to bypass authentication and gain full control of the controller, modify traffic light sequences, trigger denial of service, and cause traffic congestion. The vulnerability exists in the web-based UI of traffic controllers running version 1.9.x firmware, which does not require authentication before granting access to critical functionality.
The exploit allows an attacker to take over accounts in Cisco Smart Software Manager On-Prem version 8-202206 and earlier. By obtaining necessary tokens, the attacker can gain unauthorized access to user accounts.
The vulnerability in Next.js versions 13.0.0 to 13.5.8, 14.0.0 to 14.2.24, 15.0.0 to 15.2.2, and 11.1.4 to 12.3.4 allows attackers to bypass middleware restrictions. Exploiting this vulnerability can lead to unauthorized access or execution of malicious actions.
The Elber Wayber Analog/Digital Audio STL version 3.0.0 and below, including firmware versions 4.00 Rev. 1501, 4.00 Rev. 1516, and 3.00 Rev. 1350, is vulnerable to an authentication bypass. By exploiting this vulnerability, an attacker can gain unauthorized access to the password management functionality and change the password of any user in the system, compromising the security of the device.
The Elber ESE DVB-S/S2 Satellite Receiver 1.5.x devices are prone to an authentication bypass vulnerability due to unauthorized access to the password management function. By manipulating the set_pwd endpoint, attackers can change the password of any user, granting them unauthorized administrative access to critical parts of the application and compromising system security.