Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bypass vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2009-0109
SQL injection vulnerability in index.php in RiotPix 0.61 and previous versions allows remote malicious users to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
Riotpix Riotpix
Riotpix Riotpix 0.60
Riotpix Riotpix 0.52
Riotpix Riotpix 0.51
Riotpix Riotpix .05
Riotpix Riotpix 0.5
1 EDB exploit
445
VMScore
CVE-2020-6862
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.
Zte F6x2w Firmware 6.0.10p2t2
Zte F6x2w Firmware 6.0.10p2t5
505
VMScore
CVE-2005-3432
MiniGal 2 (MG2) 0.5.1 allows remote malicious users to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all.
Thomas Rybak Minigal 2 0.5.1
Thomas Rybak Minigal 2 B13
1 EDB exploit
755
VMScore
CVE-2006-0153
427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote malicious users to bypass authentication by using a valid username and usertype and setting the authenticated cookie.
427bb Fourtwosevenbb 2.2
427bb Fourtwosevenbb 2.2.1
1 EDB exploit
755
VMScore
CVE-2009-0462
Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote malicious users to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.a...
Clicktech Clickcart 6.0
1 EDB exploit
755
VMScore
CVE-2009-0493
SQL injection vulnerability in login.php in IT!CMS 2.1a and previous versions allows remote malicious users to execute arbitrary SQL commands via the Username.
Martin Unzner It\\!cms
1 EDB exploit
NA
CVE-2023-27100
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows malicious users to bypass brute force protection mechanisms via crafted web requests.
Netgate Pfsense Plus 22.05.1
Pfsense Pfsense 2.6.0
2 Github repositories
NA
CVE-2022-2651
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm before 0.4.5.
Joinbookwyrm Bookwyrm
935
VMScore
CVE-2007-2822
TutorialCMS 1.01 and previous versions, when register_globals is enabled, allows remote malicious users to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
Wavelink Media Tutorialcms
1 EDB exploit
685
VMScore
CVE-2007-4385
OWASP Stinger prior to 2.5 allows remote malicious users to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the valida...
Owasp Stinger
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
command injection
CVE-2021-47511
CVE-2024-26238
CVE-2024-4858
CVE-2024-21305
XXE
CVE-2021-47555
CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »