Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authentication bypass vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-12520
An issue exists in ntopng 3.4 prior to 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and s...
Ntop Ntopng
1 EDB exploit
9.8
CVSSv3
CVE-2017-14243
An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows malicious users to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi...
Utstar Wa3002g4 Firmware Wa3002g4-0021.01
1 EDB exploit
1 Github repository
NA
CVE-2008-6912
Zeeways SHAADICLONE 2.0 allows remote malicious users to bypass authentication and gain administrative privileges via a direct request to admin/home.php.
Zeeways Shaadiclone 2.0
2 EDB exploits
6.8
CVSSv3
CVE-2022-20662
A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating...
Cisco Duo
9.8
CVSSv3
CVE-2017-7588
On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920...
Brother Mfc Firmware -
Brother Dcp Firmware -
Brother Ads Firmware -
Brother Hl Firmware -
1 EDB exploit
1 Github repository
NA
CVE-2008-5631
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote malicious users to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party informatio...
Activewebsoftwares Active Ewebquiz 8.0
1 EDB exploit
NA
CVE-2008-5633
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
Activewebsoftwares Activevotes 2.2
1 EDB exploit
NA
CVE-2009-1850
SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote malicious users to execute arbitrary SQL commands via the password parameter.
Benjamin Curtis Phpbugtracker 1.0.3
1 EDB exploit
NA
CVE-2009-1852
Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote malicious users to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
Graphiks Myforum 1.3
1 EDB exploit
NA
CVE-2009-2018
SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the authuserid parameter.
Jaredeckersley Mycars
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »