Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authentication bypass vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2009-1852
Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote malicious users to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
Graphiks Myforum 1.3
1 EDB exploit
6.8
CVSSv2
CVE-2009-2018
SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the authuserid parameter.
Jaredeckersley Mycars
1 EDB exploit
7.5
CVSSv2
CVE-2005-1149
SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameters.
1 EDB exploit
7.5
CVSSv2
CVE-2009-0462
Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote malicious users to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.a...
Clicktech Clickcart 6.0
1 EDB exploit
6.8
CVSSv2
CVE-2009-2883
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
Arabless Saphplesson 4.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-5633
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
Activewebsoftwares Activevotes 2.2
1 EDB exploit
7.5
CVSSv2
CVE-2008-6487
Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) admin and (2) password fields.
Digiappz Digiaffiliate
1 EDB exploit
5
CVSSv2
CVE-2005-3432
MiniGal 2 (MG2) 0.5.1 allows remote malicious users to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all.
Thomas Rybak Minigal 2 0.5.1
Thomas Rybak Minigal 2 B13
1 EDB exploit
7.5
CVSSv2
CVE-2022-22831
An issue exists in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
Servisnet Tessa 0.0.2
7.5
CVSSv2
CVE-2006-2116
planetGallery allows remote malicious users to gain administrator privileges via a direct request to admin/gallery_admin.php.
Planet Concept Planetgallery
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »