Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authentication bypass vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2016-8380
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
Phoenixcontact Ilc Plcs Firmware -
1 EDB exploit
NA
CVE-2014-8493
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote malicious users to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
Zte Zxhn H108l Firmware 4.0.0d Zrq Gr4
2 EDB exploits
9.8
CVSSv3
CVE-2020-17506
Artica Web Proxy 4.30.00000000 allows remote malicious user to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
Articatech Web Proxy 4.30.000000
1 Github repository
NA
CVE-2008-5589
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote malicious users to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obt...
Katywhitton Rankem
1 EDB exploit
NA
CVE-2009-4870
Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote malicious users to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party in...
Phpcityportal Phpcityportal
1 EDB exploit
NA
CVE-2009-0297
SQL injection vulnerability in login_check.asp in ClickAuction allows remote malicious users to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
Clicktech Clickauction Nil
1 EDB exploit
NA
CVE-2009-0252
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote malicious users to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are o...
Enthrallweb Ereservations
1 EDB exploit
9.8
CVSSv3
CVE-2021-33044
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Dahuasecurity Ipc-hum7xxx Firmware
Dahuasecurity Ipc-hx3xxx Firmware
Dahuasecurity Ipc-hx5xxx Firmware
Dahuasecurity Sd1a1 Firmware
Dahuasecurity Sd22 Firmware
Dahuasecurity Sd41 Firmware
Dahuasecurity Sd50 Firmware
Dahuasecurity Sd52c Firmware
Dahuasecurity Sd6al Firmware
Dahuasecurity Tpc-bf1241 Firmware
Dahuasecurity Tpc-bf2221 Firmware
Dahuasecurity Tpc-bf5x01 Firmware
Dahuasecurity Tpc-pt8x21b Firmware
Dahuasecurity Tpc-sd2221 Firmware
Dahuasecurity Tpc-sd8x21 Firmware
Dahuasecurity Vto-65xxx Firmware
Dahuasecurity Vto-75x95x Firmware
Dahuasecurity Vth-542xh Firmware
Dahuasecurity Tpc-bf5x21 Firmware
19 Github repositories
9.8
CVSSv3
CVE-2021-33045
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Dahuasecurity Ipc-hum7xxx Firmware
Dahuasecurity Ipc-hx3xxx Firmware
Dahuasecurity Ipc-hx5xxx Firmware
Dahuasecurity Nvr-1xxx Firmware
Dahuasecurity Nvr-2xxx Firmware
Dahuasecurity Nvr-4xxx Firmware
Dahuasecurity Nvr-5xxx Firmware
Dahuasecurity Nvr-6xx Firmware
Dahuasecurity Vth-542xh Firmware
Dahuasecurity Vto-65xxx Firmware
Dahuasecurity Vto-75x95x Firmware
Dahuasecurity Xvr-4x04 Firmware -
Dahuasecurity Xvr-4x08 Firmware
Dahuasecurity Xvr-4x04 Firmware
Dahuasecurity Xvr-5x04 Firmware
Dahuasecurity Xvr-5x08 Firmware
Dahuasecurity Xvr-5x16 Firmware
Dahuasecurity Xvr-7x16 Firmware
Dahuasecurity Xvr-7x32 Firmware
18 Github repositories
NA
CVE-2012-0913
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote malicious users to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information.
Icloudcenter Ictimeattendance 1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »