Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bypass vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-31621
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote malicious user to execute arbitrary code via a crafted script to the api/v1 component.
10
CVSSv2
CVE-2009-1314
body.asp in Web File Explorer 3.1 allows remote malicious users to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.
Webfileexplorer Web File Explorer 3.1
1 EDB exploit
7.5
CVSSv2
CVE-2009-1323
SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Webfileexplorer Web File Explorer 3.1
1 EDB exploit
10
CVSSv2
CVE-2002-0613
dnstools.php for DNSTools 2.0 beta 4 and previous versions allows remote malicious users to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.
Dnstools Software Dnstools 2.0 Beta3
Dnstools Software Dnstools 2.0 Beta4
1 EDB exploit
NA
CVE-2018-162422018
oBike Electronic Lock suffers from an access control bypass vulnerability via a replay attack on a predictable nonce.
7.5
CVSSv2
CVE-2017-15974
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
Datacomponents Tpanel 2009
1 EDB exploit
7.5
CVSSv2
CVE-2008-6966
AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote malicious users to bypass authentication via a direct request to admin/user.php.
Aj Square Aj Auction 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-0707
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote malicious users to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
Powerscripts Powerclan 1.14a
1 EDB exploit
7.5
CVSSv2
CVE-2009-0810
SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote malicious users to execute arbitrary SQL commands via the user parameter.
Xatrix Xguestbook 2.0
1 EDB exploit
5
CVSSv2
CVE-2012-2438
ar web content manager (AWCM) 2.2 does not restrict the number of comment records that can be submitted through HTTP requests, which allows remote malicious users to cause a denial of service (disk consumption) via the coment parameter to (1) show_video.php or (2) topic.php.
Awcm-cms Ar Web Content Manager 2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »