Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19411

19411 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2008-5673 phparanoid 权限许可和访问控制漏洞 — n/a 9.8 -2008-12-18
CVE-2008-5408 Symantec Backup Exec for Windows Servers 数据管理协议缓冲区溢出漏洞 — n/a 8.8 -2008-12-09
CVE-2008-4875 Philips VOIP841 DECT Phone web GET请求目录遍历漏洞 — n/a 8.1 -2008-10-31
CVE-2008-3909 Django Login Form 跨站脚本攻击漏洞 — n/a 8.1 -2008-09-04
CVE-2008-3283 RedHat 目录服务器内存泄露 拒绝服务漏洞 — n/a 7.5 -2008-08-29
CVE-2008-1381 ZoneMinder ZoneMinder多个未明远程代码执行漏洞 — n/a 8.8 -2008-05-01
CVE-2008-1923 asterisk 拒绝服务漏洞 — n/a 5.9 -2008-04-23
CVE-2008-1897 Asterisk IAX2报文放大远程拒绝服务漏洞 — n/a 8.8 -2008-04-23
CVE-2008-1813 Oracle 2008年4月更新修复多个安全漏洞 — n/a 9.8 -2008-04-16
CVE-2008-0210 RETIRED: UebiMiau 'error.php'访问控制绕过漏洞 — n/a 9.8 -2008-01-10
CVE-2007-5914 Jean Jean Charles JBC Explorer post.php 直接静态代码注入漏洞 — n/a 9.8 -2007-11-10
CVE-2007-5772 Flatnuke3 文件管理模块 未授权访问漏洞 — n/a 9.8 -2007-11-01
CVE-2003-1434 login_ldap模块未授权访问漏洞 — n/a 9.1 -2007-10-23
CVE-2007-5508 Oracle CTX_DOC软件包多个SQL注入漏洞 — n/a 8.8 -2007-10-17
CVE-2007-5231 Zomplog 'admin/upload_files.php' 不限制文件上传漏洞 — n/a 7.2 -2007-10-05
CVE-2007-4430 Cisco IOS "show ip bgp regexp"命令远程拒绝服务漏洞 — n/a 7.5 -2007-08-20
CVE-2007-4103 Asterisk IAX2隧道驱动拒绝服务攻击漏洞 — n/a 7.5 -2007-07-31
CVE-2007-3312 Jasmine CMS admin/plugin_manager.php 目录遍历漏洞 — n/a 9.8 -2007-06-21
CVE-2007-2912 Jelsoft vBulletin 未明漏洞 — n/a 5.3 -2007-05-30
CVE-2007-2148 Stephen Craton Chatness 'admin/save.php' 直接静态代码注入漏洞 — n/a 6.8 -2007-04-19
CVE-2007-2082 MyBlog 'settings.php'静态代码注入漏洞 — n/a 7.2 -2007-04-18
CVE-2007-1970 Mozilla Firefox HTTP元素 钓鱼攻击漏洞 — n/a 6.5 -2007-04-11
CVE-2007-1255 Connectix Boards dmin.bbcode.php 未限制文件上传漏洞 — n/a 9.8 -2007-03-03
CVE-2007-0370 phpBP 'index.php' RC3文件上传漏洞 — n/a 7.2 -2007-01-19
CVE-2007-0193 FON La Fonera路由器允许匿名Web访问漏洞 — n/a 7.5 -2007-01-11
CVE-2006-6347 TFT-Gallery‘index.php’无限制文件上载漏洞 — n/a 7.2 -2006-12-07
CVE-2006-5986 Extreme admin/options.php 权限认证和访问控制漏洞 — n/a 6.1 -2006-11-20
CVE-2006-4390 Apple Mac OS CFNetwork 匿名SSL连接漏洞 — n/a 6.5 -2006-10-02
CVE-2006-4986 Grayscale BandSite CMS 多个输入验证漏洞 — n/a 7.5 -2006-09-26
CVE-2006-4585 TR Forum SQL注入及认证绕过漏洞 — n/a 8.8 -2006-09-06

Vulnerabilities classified as access:pre-auth represent 19411 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.