Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bypass vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-11094
An issue exists on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, passwo...
Intelbras Ncloud 300 Firmware 1.0
1 EDB exploit
NA
CVE-2008-5632
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party informa...
Activewebsoftwares Active Time Billing 3.2
2 EDB exploits
6.1
CVSSv3
CVE-2012-1915
EllisLab CodeIgniter 2.1.2 allows remote malicious users to bypass the xss_clean() Filter and perform XSS attacks.
Codeigniter Codeigniter
1 EDB exploit
NA
CVE-2014-7237
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and previous versions, when running on Windows, allows remote malicious users to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess t...
Twiki Twiki
Microsoft Windows -
NA
CVE-2008-5589
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote malicious users to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obt...
Katywhitton Rankem
1 EDB exploit
NA
CVE-2009-4870
Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote malicious users to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party in...
Phpcityportal Phpcityportal
1 EDB exploit
9.8
CVSSv3
CVE-2021-33044
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Dahuasecurity Ipc-hum7xxx Firmware
Dahuasecurity Ipc-hx3xxx Firmware
Dahuasecurity Ipc-hx5xxx Firmware
Dahuasecurity Sd1a1 Firmware
Dahuasecurity Sd22 Firmware
Dahuasecurity Sd41 Firmware
Dahuasecurity Sd50 Firmware
Dahuasecurity Sd52c Firmware
Dahuasecurity Sd6al Firmware
Dahuasecurity Tpc-bf1241 Firmware
Dahuasecurity Tpc-bf2221 Firmware
Dahuasecurity Tpc-bf5x01 Firmware
Dahuasecurity Tpc-pt8x21b Firmware
Dahuasecurity Tpc-sd2221 Firmware
Dahuasecurity Tpc-sd8x21 Firmware
Dahuasecurity Vto-65xxx Firmware
Dahuasecurity Vto-75x95x Firmware
Dahuasecurity Vth-542xh Firmware
Dahuasecurity Tpc-bf5x21 Firmware
19 Github repositories
9.8
CVSSv3
CVE-2021-33045
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Dahuasecurity Ipc-hum7xxx Firmware
Dahuasecurity Ipc-hx3xxx Firmware
Dahuasecurity Ipc-hx5xxx Firmware
Dahuasecurity Nvr-1xxx Firmware
Dahuasecurity Nvr-2xxx Firmware
Dahuasecurity Nvr-4xxx Firmware
Dahuasecurity Nvr-5xxx Firmware
Dahuasecurity Nvr-6xx Firmware
Dahuasecurity Vth-542xh Firmware
Dahuasecurity Vto-65xxx Firmware
Dahuasecurity Vto-75x95x Firmware
Dahuasecurity Xvr-4x04 Firmware -
Dahuasecurity Xvr-4x08 Firmware
Dahuasecurity Xvr-4x04 Firmware
Dahuasecurity Xvr-5x04 Firmware
Dahuasecurity Xvr-5x08 Firmware
Dahuasecurity Xvr-5x16 Firmware
Dahuasecurity Xvr-7x16 Firmware
Dahuasecurity Xvr-7x32 Firmware
18 Github repositories
NA
CVE-2012-0913
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote malicious users to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information.
Icloudcenter Ictimeattendance 1.0
1 EDB exploit
NA
CVE-2009-1804
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Videoscript Youtube Video Script -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »