Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bypass vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-2883
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
Arabless Saphplesson 4.0
1 EDB exploit
NA
CVE-2009-0451
SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote malicious users to execute arbitrary SQL commands via the Admin name field to the default URI under admin/.
Skalinks Skalinks 1.5
1 EDB exploit
NA
CVE-2014-88262
A malicious Jar file can bypass all OS X Gatekeeper warnings and protections, allowing a remote attacker to execute arbitrary unsigned code downloaded by the user. Java must be installed on the victim's machine.
NA
CVE-2007-4143
user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly...
Phpcoupon Phpcoupon
1 EDB exploit
NA
CVE-2009-4933
Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote malicious users to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information.
Winterwebs Ezwebitor
1 EDB exploit
NA
CVE-2008-5817
Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote malicious users to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.
Web Scribble Solutions Webclassifieds 2005
1 EDB exploit
NA
CVE-2007-2822
TutorialCMS 1.01 and previous versions, when register_globals is enabled, allows remote malicious users to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
Wavelink Media Tutorialcms
1 EDB exploit
9.8
CVSSv3
CVE-2022-22831
An issue exists in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
Servisnet Tessa 0.0.2
NA
CVE-2020-283332
The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed ...
9.8
CVSSv3
CVE-2021-43136
An authentication bypass issue in FormaLMS <= 2.4.4 allows an malicious user to bypass the authentication mechanism and obtain a valid access to the platform.
Formalms Formalms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »