Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authentication bypass vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2388
The Storage and Access service in BlackBerry OS 10.x prior to 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent malicious users to read arbitrary files via (1) a session over a Wi-Fi ne...
Blackberry Blackberry Os
Blackberry Q5 -
Blackberry Z10 -
Blackberry Q10 -
Blackberry Z30 -
9.1
CVSSv3
CVE-2018-15152
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR prior to 5.0.1.4 allows a remote malicious user to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php...
Open-emr Openemr
9.8
CVSSv3
CVE-2017-15974
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
Datacomponents Tpanel 2009
1 EDB exploit
9.8
CVSSv3
CVE-2021-26600
ImpressCMS prior to 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
Impresscms Impresscms
NA
CVE-2012-6626
SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote malicious users to execute arbitrary SQL commands via the username field.
Brian Cabunac Browser To Email Phone Message System 1.0
1 EDB exploit
NA
CVE-2010-3608
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote malicious users to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
Wire Plastic Design Wpquiz 2.7
1 EDB exploit
NA
CVE-2008-6487
Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) admin and (2) password fields.
Digiappz Digiaffiliate
1 EDB exploit
NA
CVE-2008-6750
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.
China-on-site Flexphpdirectory 0.0.1
1 EDB exploit
NA
CVE-2006-6848
SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote malicious users to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter.
Aspticker Aspticker 1.0
1 EDB exploit
NA
CVE-2009-4722
SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the username parameter.
Limny Limny 1.01
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »