Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bypass vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6749
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.
China-on-site Flexphpdirectory 0.0.1
1 EDB exploit
NA
CVE-2008-6750
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.
China-on-site Flexphpdirectory 0.0.1
1 EDB exploit
NA
CVE-2009-4733
SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
Supercrackmunkey Simpleloginsys 0.5
1 EDB exploit
9.8
CVSSv3
CVE-2022-22831
An issue exists in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
Servisnet Tessa 0.0.2
NA
CVE-2008-6487
Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) admin and (2) password fields.
Digiappz Digiaffiliate
1 EDB exploit
NA
CVE-2014-3781
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear prior to 2.6.3 allows remote malicious users to bypass authentication via an empty password in an XML-RPC request.
Dotclear Dotclear
Dotclear Dotclear 2.6.1
Dotclear Dotclear 2.6
NA
CVE-2007-2822
TutorialCMS 1.01 and previous versions, when register_globals is enabled, allows remote malicious users to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
Wavelink Media Tutorialcms
1 EDB exploit
NA
CVE-2008-6241
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (ak...
China-on-site Flexphpsite 0.0.1
China-on-site Flexphpsite 0.0.7
1 EDB exploit
NA
CVE-2008-6270
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote malicious users to execute arbitrary SQL command via the user parameter.
Miticdjd Apoll 0.7
Miticdjd Apoll 0.7.5
1 EDB exploit
NA
CVE-2008-6272
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote malicious users to execute arbitrary SQL command via the pass parameter.
Miticdjd Apoll 0.7
Miticdjd Apoll 0.7.5
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »