Vulmon
authentication bypass vulnerabilities and exploits
6.8
CVSSv2
CVE-2021-43136
An authentication bypass issue in FormaLMS <= 2.4.4 allows a malicious user to bypass the authentication mechanism and obtain valid access to the platform.
Formalms Formalms
7.5
CVSSv2
CVE-2009-0109
SQL injection vulnerability in index.php in RiotPix 0.61 and previous versions allows remote malicious users to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
Riotpix Riotpix
Riotpix Riotpix 0.60
Riotpix Riotpix 0.52
Riotpix Riotpix 0.51
Riotpix Riotpix .05
Riotpix Riotpix 0.5
1 EDB exploit
7.5
CVSSv2
CVE-2009-0462
Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote malicious users to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.a...
Clicktech Clickcart 6.0
1 EDB exploit
6.4
CVSSv2
CVE-2013-1350
Verax NMS before 2.1.0 has multiple security bypass vulnerabilities
Veraxsystems Network Management System
6.1
CVSSv2
CVE-2014-2388
The Storage and Access service in BlackBerry OS 10.x prior to 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent malicious users to read arbitrary files via (1) a session over a Wi-Fi ne...
Blackberry Blackberry Os
Blackberry Q5 -
Blackberry Z10 -
Blackberry Q10 -
Blackberry Z30 -
9.3
CVSSv2
CVE-2007-2822
TutorialCMS 1.01 and previous versions, when register_globals is enabled, allows remote malicious users to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
Wavelink Media Tutorialcms
1 EDB exploit
7.8
CVSSv2
CVE-2014-8425
The management portal in ARRIS VAP2500 before FW08.41 allows remote malicious users to obtain credentials by reading the configuration files.
Arris Vap2500 Firmware
1 EDB exploit
7.5
CVSSv2
CVE-2012-6626
SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote malicious users to execute arbitrary SQL commands via the username field.
Brian Cabunac Browser To Email Phone Message System 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-6272
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote malicious users to execute arbitrary SQL commands via the pass parameter.
Miticdjd Apoll 0.7
Miticdjd Apoll 0.7.5
1 EDB exploit
7.5
CVSSv2
CVE-2008-6312
SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote malicious users to execute arbitrary SQL commands via the username parameter.
Manzovi Proquiz 1.0
1 EDB exploit