Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bypass vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-11094
An issue exists on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, passwo...
Intelbras Ncloud 300 Firmware 1.0
1 EDB exploit
NA
CVE-2012-2388
The GMP Plugin in strongSwan 4.2.0 up to and including 4.6.3 allows remote malicious users to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
Strongswan Strongswan 4.2.6
Strongswan Strongswan 4.2.12
Strongswan Strongswan 4.2.10
Strongswan Strongswan 4.2.16
Strongswan Strongswan 4.5.3
Strongswan Strongswan 4.5.2
Strongswan Strongswan 4.4.0
Strongswan Strongswan 4.2.9
Strongswan Strongswan 4.5.1
Strongswan Strongswan 4.2.14
Strongswan Strongswan 4.3.5
Strongswan Strongswan 4.2.3
Strongswan Strongswan 4.3.2
Strongswan Strongswan 4.2.5
Strongswan Strongswan 4.2.8
Strongswan Strongswan 4.3.3
Strongswan Strongswan 4.6.2
Strongswan Strongswan 4.2.0
Strongswan Strongswan 4.2.1
Strongswan Strongswan 4.2.13
Strongswan Strongswan 4.3.0
Strongswan Strongswan 4.6.1
9.8
CVSSv3
CVE-2017-14244
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows malicious users to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.
Iball Ib-wra150n Firmware Fw Ib-lr7011a 1.0.2
1 EDB exploit
1 Github repository
NA
CVE-2009-4870
Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote malicious users to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party in...
Phpcityportal Phpcityportal
1 EDB exploit
NA
CVE-2008-5589
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote malicious users to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obt...
Katywhitton Rankem
1 EDB exploit
NA
CVE-2009-0252
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote malicious users to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are o...
Enthrallweb Ereservations
1 EDB exploit
NA
CVE-2009-0297
SQL injection vulnerability in login_check.asp in ClickAuction allows remote malicious users to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
Clicktech Clickauction Nil
1 EDB exploit
NA
CVE-2012-0913
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote malicious users to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information.
Icloudcenter Ictimeattendance 1.0
1 EDB exploit
NA
CVE-2014-7237
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and previous versions, when running on Windows, allows remote malicious users to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess t...
Twiki Twiki
Microsoft Windows -
NA
CVE-2009-1804
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Videoscript Youtube Video Script -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »