A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE:...
Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.
Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.
cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypas...
admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead o...