Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bypass vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2018-18061
An issue exists in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files.
Tecrail Responsive Filemanager 9.8.1
505
VMScore
CVE-2018-6180
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.
Themashabrand Online Voting Platform 1.0
1 EDB exploit
505
VMScore
CVE-2017-5496
Sawmill Enterprise 8.7.9 allows remote malicious users to gain login access by leveraging knowledge of a password hash.
Sawmill Sawmill 8.7.9
1 EDB exploit
1000
VMScore
CVE-2014-5246
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote malicious users to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
Tenda A5s Firmware 3.02.05 Cn
Tenda A5s -
1 EDB exploit
258
VMScore
CVE-2018-16242
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows malicious users to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.
O.bike Smart Locker Firmware -
O.bike Obike-stationless Bike Sharing 2.5.4
1 Github repository
389
VMScore
CVE-2019-17240
bl-kernel/security.class.php in Bludit 3.9.2 allows malicious users to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
Bludit Bludit 3.9.2
20 Github repositories
890
VMScore
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus before 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an malicious user to bypass authentication for this server and execute all operations in the context of admin user.
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Datasecurity Plus
1000
VMScore
CVE-2014-7279
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote malicious users to obtain "equipment management authority" via TCP traffic to port 23.
Kankunit Konke Smart Plug Firmware K
1 EDB exploit
765
VMScore
CVE-2005-1787
setup.php in phpStat 1.5 allows remote malicious users to bypass authentication and gain administrator privileges by setting the $check variable.
Phpstat Phpstat -
3 EDB exploits
405
VMScore
CVE-2013-1727
Mozilla Firefox prior to 24.0 on Android allows malicious users to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.
Mozilla Firefox 19.0
Mozilla Firefox 22.0
Mozilla Firefox 20.0
Mozilla Firefox
Mozilla Firefox 19.0.2
Mozilla Firefox 19.0.1
Mozilla Firefox 23.0
Mozilla Firefox 21.0
Mozilla Firefox 20.0.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »