Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bypass vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-15813
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.
Sentrifugo Sentrifugo 3.2
1 EDB exploit
2 Github repositories
10
CVSSv2
CVE-2014-7279
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote malicious users to obtain "equipment management authority" via TCP traffic to port 23.
Kankunit Konke Smart Plug Firmware K
1 EDB exploit
4.3
CVSSv2
CVE-2019-17240
bl-kernel/security.class.php in Bludit 3.9.2 allows malicious users to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
Bludit Bludit 3.9.2
19 Github repositories
10
CVSSv2
CVE-2014-5246
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote malicious users to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
Tenda A5s Firmware 3.02.05 Cn
Tenda A5s -
1 EDB exploit
7.5
CVSSv2
CVE-2005-1787
setup.php in phpStat 1.5 allows remote malicious users to bypass authentication and gain administrator privileges by setting the $check variable.
Phpstat Phpstat -
3 EDB exploits
4
CVSSv2
CVE-2013-1727
Mozilla Firefox prior to 24.0 on Android allows malicious users to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.
Mozilla Firefox 19.0
Mozilla Firefox 22.0
Mozilla Firefox 20.0
Mozilla Firefox
Mozilla Firefox 19.0.2
Mozilla Firefox 19.0.1
Mozilla Firefox 23.0
Mozilla Firefox 21.0
Mozilla Firefox 20.0.1
1 EDB exploit
10
CVSSv2
CVE-2021-33044
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Dahuasecurity Ipc-hum7xxx Firmware
Dahuasecurity Ipc-hx3xxx Firmware
Dahuasecurity Ipc-hx5xxx Firmware
Dahuasecurity Sd1a1 Firmware
Dahuasecurity Sd22 Firmware
Dahuasecurity Sd41 Firmware
Dahuasecurity Sd50 Firmware
Dahuasecurity Sd52c Firmware
Dahuasecurity Sd6al Firmware
Dahuasecurity Tpc-bf1241 Firmware
Dahuasecurity Tpc-bf2221 Firmware
Dahuasecurity Tpc-bf5x01 Firmware
Dahuasecurity Tpc-pt8x21b Firmware
Dahuasecurity Tpc-sd2221 Firmware
Dahuasecurity Tpc-sd8x21 Firmware
Dahuasecurity Vto-65xxx Firmware
Dahuasecurity Vto-75x95x Firmware
Dahuasecurity Vth-542xh Firmware
Dahuasecurity Tpc-bf5x21 Firmware
19 Github repositories
10
CVSSv2
CVE-2021-33045
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Dahuasecurity Ipc-hum7xxx Firmware
Dahuasecurity Ipc-hx3xxx Firmware
Dahuasecurity Ipc-hx5xxx Firmware
Dahuasecurity Nvr-1xxx Firmware
Dahuasecurity Nvr-2xxx Firmware
Dahuasecurity Nvr-4xxx Firmware
Dahuasecurity Nvr-5xxx Firmware
Dahuasecurity Nvr-6xx Firmware
Dahuasecurity Vth-542xh Firmware
Dahuasecurity Vto-65xxx Firmware
Dahuasecurity Vto-75x95x Firmware
Dahuasecurity Xvr-4x04 Firmware -
Dahuasecurity Xvr-4x08 Firmware
Dahuasecurity Xvr-4x04 Firmware
Dahuasecurity Xvr-5x04 Firmware
Dahuasecurity Xvr-5x08 Firmware
Dahuasecurity Xvr-5x16 Firmware
Dahuasecurity Xvr-7x16 Firmware
Dahuasecurity Xvr-7x32 Firmware
18 Github repositories
7.5
CVSSv2
CVE-2009-1804
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Videoscript Youtube Video Script -
1 EDB exploit
6.8
CVSSv2
CVE-2014-7237
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and previous versions, when running on Windows, allows remote malicious users to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess t...
Twiki Twiki
Microsoft Windows -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26101
buffer overflow
CVE-2022-26766
CVE-2022-46689
CVE-2024-26124
CVE-2024-26059
firmware
hard-coded
CVE-2024-26118
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »