13 matches found
PT-2025-48047
SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...
CVE-2024-47070
CVE-2024-47070 affects authentik (open-source identity provider) versions prior to 2024.8.3 and 2024.6.5. An authentication bypass exists when an attacker-supplied X-Forwarded-For header contains an unparsable value (e.g., a), which can bypass the password stage due to a policy binding flaw and a...
Authentication flaw
An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater MiniRouter v0.131229 allows attackers to bypass login by connecting to the web app after a successful attempt by a legitimate user...
CVE-2022-30749
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity...
Improper access control
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity...
CVE-2022-30749
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity...
Design/Logic Flaw
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS...
CVE-2021-30702
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A person with physical access to a Mac may be able to bypass Login Window...
Instainsane - Multi-threaded Instagram Brute Forcer
Instainsane is a Shell Script to perform multi-threaded brute force attack against Instagram, this script can bypass login limiting and it can test infinite number of passwords with a rate of about 1000 passwords/min with 100 attemps at once. Legal disclaimer: Usage of InstaInsane for attacking...
CVE-2018-18703
PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserverfilesystem/home.php...
Intel AMT Loophole Allows Hackers to Gain Control of Some PCs in Under a Minute
Researchers have found a loophole in Intel processors that allow an attacker to bypass logins and place backdoors on laptops, allowing adversaries remote access to laptops. Researchers at F-Secure, that first identified the attack strategy, say the loophole can be exploited in less than one minut...
easyCMS <= 0.4.2 Multiple Remote Vulnerabilities
No description provided by source. --==+================================================================================+==-- --==+ easyCMS = 0.4.2 Multiple Remote Vulnerabilitys +==-- --==+================================================================================+==-- Discovered By: t0pP8u...
aiocp-bypass.txt
i Product Name: AIOCP - All In One Control Panel i Vulnerable Versions: = 1.3.009 i Bug found by: Coloss i Contact: [email protected] i Date: 9.1.2007 i Spec: AIOCP doesn't check the username posted by the client before using this to check authentication, so SQL Injection is possible Example show...