映射到 CWE-287 的搜索结果 (1087)
Apache CXF 2.4.5版本和2.5.1版本中存在安全绕过漏洞。攻击者可利用此漏洞绕过UsernameToken政策并获取对受限服务的访问权。
[原文]A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.
[原文]A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations.
[原文]A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V22.214.171.124) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V126.96.36.199). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions.
[原文]Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
[原文]It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.