Vulmon
authentication bypass vulnerabilities and exploits
4.1
CVSSv3
CVE-2018-0250
A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent malicious user to bypass a configured FlexConnect access control list (...
Cisco Aironet Access Point Software 8.2(160.0)
Cisco Aironet Access Point Software 8.4(100.0)
Cisco Aironet Access Point Software 8.7(1.3)
4.6
CVSSv3
CVE-2023-20123
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical malicious user to replay valid user session credentials and gain unauthorized access to an affecte...
Cisco Duo
Cisco Duo Authentication For Windows Logon And Rdp
6.6
CVSSv3
CVE-2023-20199
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical malicious user to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the ...
Cisco Duo
7.5
CVSSv3
CVE-2023-20107
A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls c...
Cisco Adaptive Security Appliance
Cisco Firepower Threat Defense
NA
CVE-2008-6309
SQL injection vulnerability in index.php in W3matter AskPert allows remote malicious users to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
W3matter Askpert -
2 EDB exploits
NA
CVE-2008-6310
SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote malicious users to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
W3matter Revsense 1.0
2 EDB exploits
NA
CVE-2006-2369
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote malicious users to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if...
Vnc Realvnc 4.1.1
4 EDB exploits
2 Nmap scripts
2 Github repositories
NA
CVE-2012-6066
freeSSHd.exe in freeSSHd up to and including 1.2.6 allows remote malicious users to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
Freesshd Freesshd 1.2.1
Freesshd Freesshd
Freesshd Freesshd 1.2.2
3 EDB exploits
1 Github repository
9.8
CVSSv3
CVE-2019-17662
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be ...
Cybelsoft Thinvnc 1.0
1 EDB exploit
10 Github repositories
NA
CVE-2008-7049
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote malicious users to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due t...
Natterchat Natterchat 1.12
Natterchat Natterchat 1.1
2 EDB exploits