Project Expense Monitoring System version 1.0 suffers from an authentication bypass vulnerability that allows for administrative account creation.
5886a72c593de669cd120484467ffafdBackdoor.Win32.Kwak.12 malware suffers from a bypass vulnerability.
36ef9ee5d988d1ac724f3c5efc27ad6aDolibarr ERP/CRM version 11.0.4 authenticated file upload restrictions bypass exploit that achieves remote code execution.
fe74304105aaecf46ea3be88063bb592KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an authentication bypass vulnerability. An unauthenticated attacker can disclose sensitive and clear-text information resulting in authentication bypass by downloading the configuration of the device and revealing the admin password.
e9c689c7edb292edf9f63d1991b4a4cdCatDV version 9.2 RMI authentication bypass exploit.
0a1d872d931080ef35d755340ddd6d1eGenua GenuGate High Resistance Firewall versions prior to 10.1 p4, 9.6 p7, and 9.0 Z p19 suffer from an authentication bypass vulnerability.
0161acaf18b16e7aa3d543af4bf41a1aOnline Voting System version 1.0 suffers from an authorization bypass vulnerability that allows for the password change of other users.
16768c5f888788b48538184a138bb0bbCASAP Automated Enrollment System version 1.0 suffers from an authentication bypass vulnerability.
535ea6fc08b41bb2412140d2c69c1c19Inteno IOPSYS version 3.16.4 suffers from a newline injection issue with samba share options that allows an attacker root access to the filesystem.
4dd764fc81b64e4c4edde1c782c708ffThis Metasploit module exploits an authentication bypass in Netsia SEBA+ versions 0.16.1 and below to add a root user.
48e1d8f9d10632c1de0461c5d272f23dCoturn version 4.5.1.x suffers from a loopback access control bypass vulnerability.
253cda007888131792b88ab2a5964ea2Dovecot versions 2.2.26 through 2.3.11.3 suffer from a bypass issue. When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using a specially crafted command. The attacker must have valid credentials to access the mail server.
5f6ec291becfdbef0390d40207572b2bMagic Home Pro version 1.5.1 suffers from an authentication bypass vulnerability.
443c1499ee75c5e874d1fb3b78099e20Red Hat Security Advisory 2020-5487-01 - The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Issues addressed include a bypass vulnerability.
fc415d96d2794550073159993905fd0dRed Hat Security Advisory 2020-5453-01 - The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Issues addressed include a bypass vulnerability.
b4a93cbe7feddaa610fd869f5a2f9e43Red Hat Security Advisory 2020-5423-01 - The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Issues addressed include a bypass vulnerability.
d926c7696d9a762d6499f87ef0ae8e38The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using X-Forwarded-For header. By default, the web application would allow all traffic in for 127.0.0.1, in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
b1d09f4404b1268792fe1602be620242Proof of concept code that demonstrates a full CSP bypass in Chromium 83.
5f28bc1718fd589618d504b2b06e5d99Intelbras Router RF 301K version 1.1.2 suffers from an authentication bypass vulnerability.
7f66e81bed10e301accbd0125edcf58aBigBlueButton versions 2.2.29 and below suffer from an e-mail validation bypass vulnerability.
e5cbcb0cd6ca27bcdf0920717ef88a9cThe TP-Link TL-WA855RE V5_200415 suffers from a flow where an unauthenticated attacker can reset the device and then set a new administrator password.
f79efa750b058c193c7a2434bcaf03bdThis Metasploit module performs an authentication brute forcing attack against the panel in Bludit version 3.9.2.
466a1ffa63c9bdf248aa584d522e3934Microsoft Windows suffers from a local spooler bypass vulnerability.
3f3c10cd2d2b0c404a73cddec7d03575Genexis Platinum-4410 version P4410-V2-1.28 suffers from missing access control and cross site request forgery vulnerabilities.
19dd7cfa841cbf52a780424e364979a9The CAPTCHA function for iDS6 DSSPro Digital Signage System version 6.2 is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. By requesting the autoLoginVerifyCode object an attacker can receive a JSON message code and successfully bypass the CAPTCHA-based authentication challenge and perform brute-force attacks.
63ad9696454afc1b19e579a677c06b40
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed