Vulmon
authentication bypass vulnerabilities and exploits
7.5
CVSSv2
CVE-2008-6966
AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote malicious users to bypass authentication via a direct request to admin/user.php.
Aj Square Aj Auction 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-0707
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote malicious users to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
Powerscripts Powerclan 1.14a
1 EDB exploit
7.5
CVSSv2
CVE-2009-0810
SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote malicious users to execute arbitrary SQL commands via the user parameter.
Xatrix Xguestbook 2.0
1 EDB exploit
6.8
CVSSv2
CVE-2009-2883
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
Arabless Saphplesson 4.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-0451
SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote malicious users to execute arbitrary SQL commands via the Admin name field to the default URI under admin/.
Skalinks Skalinks 1.5
1 EDB exploit
7.5
CVSSv2
CVE-2009-4933
Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote malicious users to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information.
Winterwebs Ezwebitor
1 EDB exploit
6.8
CVSSv2
CVE-2008-5817
Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote malicious users to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.
Web Scribble Solutions Webclassifieds 2005
1 EDB exploit
9.3
CVSSv2
CVE-2007-2822
TutorialCMS 1.01 and previous versions, when register_globals is enabled, allows remote malicious users to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
Wavelink Media Tutorialcms
1 EDB exploit
7.5
CVSSv2
CVE-2022-22831
An issue exists in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
Servisnet Tessa 0.0.2
NA
CVE-2020-283332
The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed ...