Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authentication bypass vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-1787
setup.php in phpStat 1.5 allows remote malicious users to bypass authentication and gain administrator privileges by setting the $check variable.
Phpstat Phpstat -
3 EDB exploits
NA
CVE-2005-0614
sessions.php in phpBB 2.0.12 and previous versions allows remote malicious users to gain administrator privileges via the autologinid value in a cookie.
Phpbb Group Phpbb 1.0.0
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0 Beta1
Phpbb Group Phpbb 2.0 Rc1
Phpbb Group Phpbb 1.2.0
Phpbb Group Phpbb 1.2.1
Phpbb Group Phpbb 2.0.11
Phpbb Group Phpbb 2.0.12
Phpbb Group Phpbb 2.0.6d
Phpbb Group Phpbb 2.0.7
Phpbb Group Phpbb 2.0 Rc2
Phpbb Group Phpbb 2.0 Rc3
Phpbb Group Phpbb 2.0 Rc4
Phpbb Group Phpbb 1.4.0
Phpbb Group Phpbb 1.4.1
Phpbb Group Phpbb 1.4.2
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0.7a
3 EDB exploits
NA
CVE-2012-5469
The Portable phpMyAdmin plugin prior to 1.3.1 for WordPress allows remote malicious users to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
Phpmyadmin Phpmyadmin 1.2.7
Phpmyadmin Phpmyadmin 1.2.6
Phpmyadmin Phpmyadmin 1.2.5
Phpmyadmin Phpmyadmin 1.2.4
Phpmyadmin Phpmyadmin 1.0.1
Phpmyadmin Phpmyadmin 1.0.0
Phpmyadmin Phpmyadmin 1.3
Phpmyadmin Phpmyadmin 1.2.9.5
Phpmyadmin Phpmyadmin 1.2.9.4
Phpmyadmin Phpmyadmin 1.2.9.3
Phpmyadmin Phpmyadmin 1.1
Phpmyadmin Phpmyadmin 1.0.8
Phpmyadmin Phpmyadmin 1.0.7
Phpmyadmin Phpmyadmin 1.0.6
Phpmyadmin Phpmyadmin 1.2.9.1
Phpmyadmin Phpmyadmin 1.2.8
Phpmyadmin Phpmyadmin 1.2.3
Phpmyadmin Phpmyadmin 1.2.1
Phpmyadmin Phpmyadmin 1.0.5
Phpmyadmin Phpmyadmin 1.0.3
Phpmyadmin Phpmyadmin 1.2.9.2
Phpmyadmin Phpmyadmin 1.2.9
1 EDB exploit
7.3
CVSSv3
CVE-2016-8371
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
Phoenixcontact Ilc Plcs Firmware -
1 EDB exploit
7.3
CVSSv3
CVE-2016-8380
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
Phoenixcontact Ilc Plcs Firmware -
1 EDB exploit
NA
CVE-2014-8493
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote malicious users to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
Zte Zxhn H108l Firmware 4.0.0d Zrq Gr4
2 EDB exploits
9.8
CVSSv3
CVE-2018-11094
An issue exists on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, passwo...
Intelbras Ncloud 300 Firmware 1.0
1 EDB exploit
NA
CVE-2008-5974
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) password and (2) username fields.
Activewebsoftwares Active Price Comparison 4.0
2 EDB exploits
NA
CVE-2011-1519
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote malicious users to bypass authentication, and consequently execute arbitrary code, by placi...
Ibm Lotus Domino 7.0.2.3
Ibm Lotus Domino 7.0.3.1
Ibm Lotus Domino 7.0.4.1
Ibm Lotus Domino 7.0.4.2
Ibm Lotus Domino 7.0.1.1
Ibm Lotus Domino 7.0.2
Ibm Lotus Domino 7.0.1
Ibm Lotus Domino 7.0.2.1
Ibm Lotus Domino 7.0
Ibm Lotus Domino 7.0.2.2
Ibm Lotus Domino 7.0.3
Ibm Lotus Domino 7.0.4
Ibm Lotus Domino 8.5.1.3
Ibm Lotus Domino 8.0.1
Ibm Lotus Domino 8.5.1
Ibm Lotus Domino 8.5.2
Ibm Lotus Domino 8.5.3
Ibm Lotus Domino 8.0.2
Ibm Lotus Domino 8.0.2.6
Ibm Lotus Domino 8.0.2.3
Ibm Lotus Domino 8.5.1.4
Ibm Lotus Domino 8.5.1.1
1 EDB exploit
NA
CVE-2012-2388
The GMP Plugin in strongSwan 4.2.0 up to and including 4.6.3 allows remote malicious users to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
Strongswan Strongswan 4.2.16
Strongswan Strongswan 4.2.9
Strongswan Strongswan 4.2.6
Strongswan Strongswan 4.2.15
Strongswan Strongswan 4.2.1
Strongswan Strongswan 4.3.2
Strongswan Strongswan 4.6.0
Strongswan Strongswan 4.6.1
Strongswan Strongswan 4.4.1
Strongswan Strongswan 4.2.11
Strongswan Strongswan 4.2.10
Strongswan Strongswan 4.2.5
Strongswan Strongswan 4.2.0
Strongswan Strongswan 4.3.5
Strongswan Strongswan 4.4.0
Strongswan Strongswan 4.5.1
Strongswan Strongswan 4.5.0
Strongswan Strongswan 4.2.13
Strongswan Strongswan 4.2.12
Strongswan Strongswan 4.2.3
Strongswan Strongswan 4.2.4
Strongswan Strongswan 4.3.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »