Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authentication bypass vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-5496
Sawmill Enterprise 8.7.9 allows remote malicious users to gain login access by leveraging knowledge of a password hash.
Sawmill Sawmill 8.7.9
1 EDB exploit
NA
CVE-2009-2863
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 up to and including 12.4 allows remote malicious users to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
Cisco Ios 12.3ym
Cisco Ios 12.3xr
Cisco Ios 12.0xk
Cisco Ios 12.4t
Cisco Ios 12.0xr
Cisco Ios 12.1xm
Cisco Ios 12.1xi
Cisco Ios 12.2sga
Cisco Ios 12.1e
Cisco Ios 12.1xc
Cisco Ios 12.3ya
Cisco Ios 12.1xp
Cisco Ios 12.2cz
Cisco Ios 12.2sxf
Cisco Ios 12.1yd
Cisco Ios 12.2irc
Cisco Ios 12.2xe
Cisco Ios 12.2sx
Cisco Ios 12.3xg
Cisco Ios 12.4xj
Cisco Ios 12.3xd
Cisco Ios 12.4mr
9.8
CVSSv3
CVE-2014-7279
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote malicious users to obtain "equipment management authority" via TCP traffic to port 23.
Kankunit Konke Smart Plug Firmware K
1 EDB exploit
NA
CVE-2014-5246
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote malicious users to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
Tenda A5s Firmware 3.02.05 Cn
Tenda A5s -
1 EDB exploit
9.8
CVSSv3
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus before 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an malicious user to bypass authentication for this server and execute all operations in the context of admin user.
Zohocorp Manageengine Datasecurity Plus
Zohocorp Manageengine Adaudit Plus
NA
CVE-2005-1787
setup.php in phpStat 1.5 allows remote malicious users to bypass authentication and gain administrator privileges by setting the $check variable.
Phpstat Phpstat -
3 EDB exploits
NA
CVE-2005-0614
sessions.php in phpBB 2.0.12 and previous versions allows remote malicious users to gain administrator privileges via the autologinid value in a cookie.
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.7a
Phpbb Group Phpbb 1.2.1
Phpbb Group Phpbb 2.0.8
Phpbb Group Phpbb 2.0.11
Phpbb Group Phpbb 1.4.1
Phpbb Group Phpbb 1.4.4
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0 Rc2
Phpbb Group Phpbb 1.4.2
Phpbb Group Phpbb 2.0 Rc1
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.12
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 2.0.7
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0.6d
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 1.0.0
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.6c
3 EDB exploits
NA
CVE-2008-5974
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) password and (2) username fields.
Activewebsoftwares Active Price Comparison 4.0
2 EDB exploits
NA
CVE-2012-5469
The Portable phpMyAdmin plugin prior to 1.3.1 for WordPress allows remote malicious users to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
Phpmyadmin Phpmyadmin 1.0.0
Phpmyadmin Phpmyadmin 1.0.1
Phpmyadmin Phpmyadmin 1.0.2
Phpmyadmin Phpmyadmin 1.0.3
Phpmyadmin Phpmyadmin 1.0.4
Phpmyadmin Phpmyadmin 1.0.5
Phpmyadmin Phpmyadmin 1.0.6
Phpmyadmin Phpmyadmin 1.0.7
Phpmyadmin Phpmyadmin 1.0.8
Phpmyadmin Phpmyadmin 1.1
Phpmyadmin Phpmyadmin 1.2
Phpmyadmin Phpmyadmin 1.2.1
Phpmyadmin Phpmyadmin 1.2.2
Phpmyadmin Phpmyadmin 1.2.3
Phpmyadmin Phpmyadmin 1.2.4
Phpmyadmin Phpmyadmin 1.2.5
Phpmyadmin Phpmyadmin 1.2.6
Phpmyadmin Phpmyadmin 1.2.7
Phpmyadmin Phpmyadmin 1.2.8
Phpmyadmin Phpmyadmin 1.2.9
Phpmyadmin Phpmyadmin 1.2.9.1
Phpmyadmin Phpmyadmin 1.2.9.2
1 EDB exploit
NA
CVE-2011-1519
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote malicious users to bypass authentication, and consequently execute arbitrary code, by placi...
Ibm Lotus Domino 7.0.2.2
Ibm Lotus Domino 7.0.4
Ibm Lotus Domino 7.0.4.2
Ibm Lotus Domino 7.0.1.1
Ibm Lotus Domino 7.0.2.1
Ibm Lotus Domino 7.0.2.3
Ibm Lotus Domino 7.0.4.1
Ibm Lotus Domino 7.0.3
Ibm Lotus Domino 7.0
Ibm Lotus Domino 7.0.2
Ibm Lotus Domino 7.0.1
Ibm Lotus Domino 7.0.3.1
Ibm Lotus Domino 8.0.2.4
Ibm Lotus Domino 8.5.1.1
Ibm Lotus Domino 8.5.1.4
Ibm Lotus Domino 8.0.2
Ibm Lotus Domino 8.5.2.2
Ibm Lotus Domino 8.0.2.3
Ibm Lotus Domino 8.5.2.1
Ibm Lotus Domino 8.5.1
Ibm Lotus Domino 8.5.0.1
Ibm Lotus Domino 8.5.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »