Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authentication bypass vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8493
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote malicious users to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
Zte Zxhn H108l Firmware 4.0.0d Zrq Gr4
2 EDB exploits
9.8
CVSSv3
CVE-2020-17506
Artica Web Proxy 4.30.00000000 allows remote malicious user to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
Articatech Web Proxy 4.30.000000
1 Github repository
NA
CVE-2008-5632
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party informa...
Activewebsoftwares Active Time Billing 3.2
2 EDB exploits
NA
CVE-2008-5974
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) password and (2) username fields.
Activewebsoftwares Active Price Comparison 4.0
2 EDB exploits
9.8
CVSSv3
CVE-2017-14244
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows malicious users to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.
Iball Ib-wra150n Firmware Fw Ib-lr7011a 1.0.2
1 EDB exploit
1 Github repository
7.3
CVSSv3
CVE-2016-8371
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
Phoenixcontact Ilc Plcs Firmware -
1 EDB exploit
7.3
CVSSv3
CVE-2016-8380
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
Phoenixcontact Ilc Plcs Firmware -
1 EDB exploit
NA
CVE-2012-5469
The Portable phpMyAdmin plugin prior to 1.3.1 for WordPress allows remote malicious users to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
Phpmyadmin Phpmyadmin 1.0.0
Phpmyadmin Phpmyadmin 1.0.1
Phpmyadmin Phpmyadmin 1.0.2
Phpmyadmin Phpmyadmin 1.0.3
Phpmyadmin Phpmyadmin 1.0.4
Phpmyadmin Phpmyadmin 1.0.5
Phpmyadmin Phpmyadmin 1.0.6
Phpmyadmin Phpmyadmin 1.0.7
Phpmyadmin Phpmyadmin 1.0.8
Phpmyadmin Phpmyadmin 1.1
Phpmyadmin Phpmyadmin 1.2
Phpmyadmin Phpmyadmin 1.2.1
Phpmyadmin Phpmyadmin 1.2.2
Phpmyadmin Phpmyadmin 1.2.3
Phpmyadmin Phpmyadmin 1.2.4
Phpmyadmin Phpmyadmin 1.2.5
Phpmyadmin Phpmyadmin 1.2.6
Phpmyadmin Phpmyadmin 1.2.7
Phpmyadmin Phpmyadmin 1.2.8
Phpmyadmin Phpmyadmin 1.2.9
Phpmyadmin Phpmyadmin 1.2.9.1
Phpmyadmin Phpmyadmin 1.2.9.2
1 EDB exploit
NA
CVE-2012-2388
The GMP Plugin in strongSwan 4.2.0 up to and including 4.6.3 allows remote malicious users to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
Strongswan Strongswan 4.2.6
Strongswan Strongswan 4.2.12
Strongswan Strongswan 4.2.10
Strongswan Strongswan 4.2.16
Strongswan Strongswan 4.5.3
Strongswan Strongswan 4.5.2
Strongswan Strongswan 4.4.0
Strongswan Strongswan 4.2.9
Strongswan Strongswan 4.5.1
Strongswan Strongswan 4.2.14
Strongswan Strongswan 4.3.5
Strongswan Strongswan 4.2.3
Strongswan Strongswan 4.3.2
Strongswan Strongswan 4.2.5
Strongswan Strongswan 4.2.8
Strongswan Strongswan 4.3.3
Strongswan Strongswan 4.6.2
Strongswan Strongswan 4.2.0
Strongswan Strongswan 4.2.1
Strongswan Strongswan 4.2.13
Strongswan Strongswan 4.3.0
Strongswan Strongswan 4.6.1
NA
CVE-2011-1519
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote malicious users to bypass authentication, and consequently execute arbitrary code, by placi...
Ibm Lotus Domino 7.0.2.2
Ibm Lotus Domino 7.0.4
Ibm Lotus Domino 7.0.4.2
Ibm Lotus Domino 7.0.1.1
Ibm Lotus Domino 7.0.2.1
Ibm Lotus Domino 7.0.2.3
Ibm Lotus Domino 7.0.4.1
Ibm Lotus Domino 7.0.3
Ibm Lotus Domino 7.0
Ibm Lotus Domino 7.0.2
Ibm Lotus Domino 7.0.1
Ibm Lotus Domino 7.0.3.1
Ibm Lotus Domino 8.0.2.4
Ibm Lotus Domino 8.5.1.1
Ibm Lotus Domino 8.5.1.4
Ibm Lotus Domino 8.0.2
Ibm Lotus Domino 8.5.2.2
Ibm Lotus Domino 8.0.2.3
Ibm Lotus Domino 8.5.2.1
Ibm Lotus Domino 8.5.1
Ibm Lotus Domino 8.5.0.1
Ibm Lotus Domino 8.5.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »