The Progress Telerik Report Server 2024 Q1 version 10.0.24.305 and earlier allows attackers to bypass authentication. This vulnerability has been assigned CVE-2024-4358.
An authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager API allows unauthorized access to a selected account. By exploiting this vulnerability, an attacker can add an SSH key to the authorized_keys file of the chosen account, enabling them to log in to the system with that account. Successful exploitation can lead to remote code execution.
The Litespeed Cache version 6.5.0.1 allows unauthorized access to user accounts due to improper validation of user cookies. An attacker can exploit this vulnerability to impersonate legitimate users and gain unauthorized access to their accounts.
The Netman 204 device is vulnerable to unauthorized access and command injection. Attackers can exploit this vulnerability to execute remote commands without authentication. By using specific URLs, attackers can access different panels with default or backdoor credentials, allowing them to view critical information and perform actions without proper authorization.
The exploit allows unauthenticated attackers to log in as any existing user, including administrators, on the site by exploiting an authentication bypass vulnerability in Really Simple Security < 9.1.2. This vulnerability occurs when the 'Two-Factor Authentication' setting is enabled. The tool is designed for security assessments and should be used responsibly.
The Elber Wayber Analog/Digital Audio STL version 3.0.0 and below, including Firmware versions 4.00 Rev. 1501, 4.00 Rev. 1516, and 3.00 Rev. 1350, are vulnerable to an authentication bypass. By exploiting this vulnerability, an attacker can gain unauthorized access to the password management functionality, allowing them to change passwords for any user in the system. This unauthorized access compromises the security of the device.
The Elber ESE DVB-S/S2 Satellite Receiver 1.5.x devices are prone to an authentication bypass vulnerability due to unauthorized access to the password management function. By manipulating the set_pwd endpoint, attackers can change the password of any user, granting them unauthorized administrative access to critical parts of the application and compromising system security.
The Ivanti vADC version 9.9 is susceptible to an authentication bypass vulnerability. By sending a crafted request to the wizard.fcgi endpoint with specific parameters, an attacker can create a new admin user without proper authentication, leading to unauthorized access to the system.
The Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 is vulnerable to an authentication bypass issue that allows attackers to gain unauthorized administrative access by manipulating the set_pwd endpoint to overwrite user passwords within the system. This exploit compromises the security of the device's system.
The Elber Reble610 device is vulnerable to an authentication bypass issue that allows attackers to gain unauthorized and administrative access to protected areas of the application. This vulnerability occurs due to a flaw in the password management functionality, specifically in the set_pwd endpoint, which can be manipulated by attackers to overwrite the password of any user within the system.
Services By CQR