Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authentication bypass vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-20199
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical malicious user to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the ...
Cisco Duo
7.5
CVSSv2
CVE-2008-6309
SQL injection vulnerability in index.php in W3matter AskPert allows remote malicious users to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
W3matter Askpert -
2 EDB exploits
7.5
CVSSv2
CVE-2008-6310
SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote malicious users to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
W3matter Revsense 1.0
2 EDB exploits
7.5
CVSSv2
CVE-2006-2369
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote malicious users to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if...
Vnc Realvnc 4.1.1
4 EDB exploits
2 Nmap scripts
2 Github repositories
9.3
CVSSv2
CVE-2012-6066
freeSSHd.exe in freeSSHd up to and including 1.2.6 allows remote malicious users to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
Freesshd Freesshd
Freesshd Freesshd 1.2.1
Freesshd Freesshd 1.2.2
3 EDB exploits
1 Github repository
5
CVSSv2
CVE-2019-17662
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be ...
Cybelsoft Thinvnc 1.0
1 EDB exploit
10 Github repositories
7.5
CVSSv2
CVE-2008-7049
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote malicious users to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due t...
Natterchat Natterchat 1.12
Natterchat Natterchat 1.1
2 EDB exploits
7.5
CVSSv2
CVE-2018-8096
Datalust Seq prior to 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.
Datalust Seq
1 EDB exploit
5.4
CVSSv2
CVE-2017-12281
A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent malicious user to bypass authentication and...
Cisco Aironet 1800 Firmware -
Cisco Aironet 2800 Firmware -
Cisco Aironet 3800 Firmware -
NA
CVE-2023-20107
A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls c...
Cisco Adaptive Security Appliance
Cisco Firepower Threat Defense
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »