Vulmon
bypass vulnerabilities and exploits
2.9
CVSSv2
CVE-2018-16242
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows malicious users to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.
O.bike Smart Locker Firmware -
O.bike Obike-stationless Bike Sharing 2.5.4
1 Github repository
4.3
CVSSv2
CVE-2019-17240
bl-kernel/security.class.php in Bludit 3.9.2 allows malicious users to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
Bludit Bludit 3.9.2
20 Github repositories
10
CVSSv2
CVE-2014-7279
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote malicious users to obtain "equipment management authority" via TCP traffic to port 23.
Kankunit Konke Smart Plug Firmware K
1 EDB exploit
7.5
CVSSv2
CVE-2005-1787
setup.php in phpStat 1.5 allows remote malicious users to bypass authentication and gain administrator privileges by setting the $check variable.
Phpstat Phpstat -
3 EDB exploits
4
CVSSv2
CVE-2013-1727
Mozilla Firefox prior to 24.0 on Android allows malicious users to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.
Mozilla Firefox
Mozilla Firefox 19.0
Mozilla Firefox 19.0.1
Mozilla Firefox 19.0.2
Mozilla Firefox 20.0
Mozilla Firefox 20.0.1
Mozilla Firefox 21.0
Mozilla Firefox 22.0
Mozilla Firefox 23.0
1 EDB exploit
7.5
CVSSv2
CVE-2005-0614
sessions.php in phpBB 2.0.12 and previous versions allows remote malicious users to gain administrator privileges via the autologinid value in a cookie.
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.7a
Phpbb Group Phpbb 1.2.1
Phpbb Group Phpbb 2.0.8
Phpbb Group Phpbb 2.0.11
Phpbb Group Phpbb 1.4.1
Phpbb Group Phpbb 1.4.4
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0 Rc2
Phpbb Group Phpbb 1.4.2
Phpbb Group Phpbb 2.0 Rc1
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.12
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 2.0.7
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0.6d
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 1.0.0
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.6c
3 EDB exploits
6.8
CVSSv2
CVE-2016-3237
Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle malicious users to bypass authentication via vectors related to a...
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows Rt -
Microsoft Windows 10 1511
Microsoft Windows 8.1 -
Microsoft Windows Server 2008 -
Microsoft Windows 7 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Vista -
Microsoft Windows Server 2012 -
Microsoft Windows 10 -
1 EDB exploit
6.8
CVSSv2
CVE-2007-3378
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and previous versions, and PHP 5 5.2.3 and previous versions, when invoked from a .htaccess file, allow remote malicious users to bypass safe_mode and open_basedir restrictions and possibly execute a...
Php Php
7.5
CVSSv2
CVE-2018-8898
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated malicious users to perform arbitrary modification (r...
Dlink Dsl-3782 Firmware 3.10.0.24
1 EDB exploit
4.6
CVSSv2
CVE-2018-14894
CyberArk Endpoint Privilege Manager 10.2.1.603 and previous versions allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.
Cyberark Endpoint Privilege Manager
1 EDB exploit