Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bypass vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2016-8371
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
Phoenixcontact Ilc Plcs Firmware -
1 EDB exploit
6.8
CVSSv2
CVE-2016-3237
Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle malicious users to bypass authentication via vectors related to a...
Microsoft Windows Server 2012 -
Microsoft Windows Server 2012 R2
Microsoft Windows 8.1 -
Microsoft Windows Server 2008 R2
Microsoft Windows 10 1511
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2008 -
Microsoft Windows 10 -
Microsoft Windows Rt -
Microsoft Windows 7 -
Microsoft Windows Vista -
1 EDB exploit
10
CVSSv2
CVE-2017-14244
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows malicious users to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.
Iball Ib-wra150n Firmware Fw Ib-lr7011a 1.0.2
1 EDB exploit
1 Github repository
7.5
CVSSv2
CVE-2012-5469
The Portable phpMyAdmin plugin prior to 1.3.1 for WordPress allows remote malicious users to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
Phpmyadmin Phpmyadmin 1.2.7
Phpmyadmin Phpmyadmin 1.2.6
Phpmyadmin Phpmyadmin 1.2.5
Phpmyadmin Phpmyadmin 1.2.4
Phpmyadmin Phpmyadmin 1.0.1
Phpmyadmin Phpmyadmin 1.0.0
Phpmyadmin Phpmyadmin 1.3
Phpmyadmin Phpmyadmin 1.2.9.5
Phpmyadmin Phpmyadmin 1.2.9.4
Phpmyadmin Phpmyadmin 1.2.9.3
Phpmyadmin Phpmyadmin 1.1
Phpmyadmin Phpmyadmin 1.0.8
Phpmyadmin Phpmyadmin 1.0.7
Phpmyadmin Phpmyadmin 1.0.6
Phpmyadmin Phpmyadmin 1.2.9.1
Phpmyadmin Phpmyadmin 1.2.8
Phpmyadmin Phpmyadmin 1.2.3
Phpmyadmin Phpmyadmin 1.2.1
Phpmyadmin Phpmyadmin 1.0.5
Phpmyadmin Phpmyadmin 1.0.3
Phpmyadmin Phpmyadmin 1.2.9.2
Phpmyadmin Phpmyadmin 1.2.9
1 EDB exploit
10
CVSSv2
CVE-2018-11094
An issue exists on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, passwo...
Intelbras Ncloud 300 Firmware 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2012-2388
The GMP Plugin in strongSwan 4.2.0 up to and including 4.6.3 allows remote malicious users to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
Strongswan Strongswan 4.2.16
Strongswan Strongswan 4.2.9
Strongswan Strongswan 4.2.6
Strongswan Strongswan 4.2.15
Strongswan Strongswan 4.2.1
Strongswan Strongswan 4.3.2
Strongswan Strongswan 4.6.0
Strongswan Strongswan 4.6.1
Strongswan Strongswan 4.4.1
Strongswan Strongswan 4.2.11
Strongswan Strongswan 4.2.10
Strongswan Strongswan 4.2.5
Strongswan Strongswan 4.2.0
Strongswan Strongswan 4.3.5
Strongswan Strongswan 4.4.0
Strongswan Strongswan 4.5.1
Strongswan Strongswan 4.5.0
Strongswan Strongswan 4.2.13
Strongswan Strongswan 4.2.12
Strongswan Strongswan 4.2.3
Strongswan Strongswan 4.2.4
Strongswan Strongswan 4.3.4
7.5
CVSSv2
CVE-2008-5974
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) password and (2) username fields.
Activewebsoftwares Active Price Comparison 4.0
2 EDB exploits
7.5
CVSSv2
CVE-2018-8898
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated malicious users to perform arbitrary modification (r...
Dlink Dsl-3782 Firmware 3.10.0.24
1 EDB exploit
7.5
CVSSv2
CVE-2008-5632
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party informa...
Activewebsoftwares Active Time Billing 3.2
2 EDB exploits
10
CVSSv2
CVE-2011-1519
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote malicious users to bypass authentication, and consequently execute arbitrary code, by placi...
Ibm Lotus Domino 7.0.2.3
Ibm Lotus Domino 7.0.3.1
Ibm Lotus Domino 7.0.4.1
Ibm Lotus Domino 7.0.4.2
Ibm Lotus Domino 7.0.1.1
Ibm Lotus Domino 7.0.2
Ibm Lotus Domino 7.0.1
Ibm Lotus Domino 7.0.2.1
Ibm Lotus Domino 7.0
Ibm Lotus Domino 7.0.2.2
Ibm Lotus Domino 7.0.3
Ibm Lotus Domino 7.0.4
Ibm Lotus Domino 8.5.1.3
Ibm Lotus Domino 8.0.1
Ibm Lotus Domino 8.5.1
Ibm Lotus Domino 8.5.2
Ibm Lotus Domino 8.5.3
Ibm Lotus Domino 8.0.2
Ibm Lotus Domino 8.0.2.6
Ibm Lotus Domino 8.0.2.3
Ibm Lotus Domino 8.5.1.4
Ibm Lotus Domino 8.5.1.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26101
buffer overflow
CVE-2022-26766
CVE-2022-46689
CVE-2024-26124
CVE-2024-26059
firmware
hard-coded
CVE-2024-26118
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »