CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-5839 Bypass 2016-06-29 2016-06-29
5.0
None Remote Low Not required None Partial None
WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.
2 CVE-2016-5838 255 Bypass 2016-06-29 2016-06-29
5.0
None Remote Low Not required None Partial None
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.
3 CVE-2016-5837 Bypass 2016-06-29 2016-06-29
5.0
None Remote Low Not required None Partial None
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
4 CVE-2016-5832 Bypass 2016-06-29 2016-06-29
5.0
None Remote Low Not required None Partial None
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.
5 CVE-2016-5807 284 Bypass 2016-07-15 2016-07-18
5.5
None Remote Low Single system Partial Partial None
Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request.
6 CVE-2016-5804 287 Bypass 2016-07-15 2016-07-19
5.0
None Remote Low Not required Partial None None
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
7 CVE-2016-5790 Bypass 2016-07-15 2016-07-18
5.0
None Remote Low Not required None None Partial
Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and restart the software via unspecified vectors.
8 CVE-2016-5637 119 DoS Exec Code Overflow Bypass 2016-07-15 2016-07-18
6.8
None Remote Medium Not required Partial Partial Partial
The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted BPG image, related to a "type confusion" issue.
9 CVE-2016-5363 254 DoS Bypass 2016-06-17 2016-06-20
6.4
None Remote Low Not required Partial None Partial
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.
10 CVE-2016-5362 254 DoS Bypass 2016-06-17 2016-06-21
6.4
None Remote Low Not required Partial None Partial
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.
11 CVE-2016-5135 Bypass 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.
12 CVE-2016-5132 Bypass 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
13 CVE-2016-5128 Bypass 2016-07-23 2016-07-23
0.0
None ??? ??? ??? ??? ??? ???
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
14 CVE-2016-5109 284 Bypass 2016-07-13 2016-07-14
2.1
None Local Low Not required None Partial None
Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication.
15 CVE-2016-5104 284 Bypass 2016-06-13 2016-07-14
5.0
None Remote Low Not required None Partial None
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
16 CVE-2016-5008 284 Bypass 2016-07-13 2016-07-14
4.3
None Remote Medium Not required None Partial None
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
17 CVE-2016-4979 284 Bypass 2016-07-06 2016-07-08
5.0
None Remote Low Not required None Partial None
The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.
18 CVE-2016-4911 284 Bypass 2016-06-13 2016-06-15
4.0
None Remote Low Single system None Partial None
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
19 CVE-2016-4603 Bypass +Info 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.
20 CVE-2016-4590 Bypass 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
21 CVE-2016-4583 Bypass 2016-07-21 2016-07-21
0.0
None ??? ??? ??? ??? ??? ???
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.
22 CVE-2016-4554 345 Bypass 2016-05-10 2016-06-21
5.0
None Remote Low Not required None Partial None
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
23 CVE-2016-4534 264 Bypass 2016-05-05 2016-05-09
3.0
None Local Medium Single system None Partial Partial
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.
24 CVE-2016-4510 287 Bypass 2016-06-09 2016-06-10
6.4
None Remote Low Not required Partial Partial None
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.
25 CVE-2016-4503 287 Bypass 2016-07-11 2016-07-12
5.0
None Remote Low Not required Partial None None
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.
26 CVE-2016-4502 284 Bypass 2016-05-30 2016-06-07
5.0
None Remote Low Not required Partial None None
Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter.
27 CVE-2016-4501 284 Bypass 2016-05-30 2016-06-07
6.4
None Remote Low Not required Partial Partial None
Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors.
28 CVE-2016-4495 284 Bypass 2016-06-09 2016-06-14
5.0
None Remote Low Not required Partial None None
KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors.
29 CVE-2016-4437 284 Exec Code Bypass 2016-06-07 2016-06-09
6.8
None Remote Medium Not required Partial Partial Partial
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
30 CVE-2016-4433 20 Bypass 2016-07-04 2016-07-06
5.0
None Remote Low Not required None Partial None
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
31 CVE-2016-4432 287 Bypass 2016-06-01 2016-06-15
5.0
None Remote Low Not required None Partial None
The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.
32 CVE-2016-4431 20 Bypass 2016-07-04 2016-07-06
5.0
None Remote Low Not required None Partial None
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
33 CVE-2016-4422 287 +Priv Bypass 2016-05-06 2016-05-10
10.0
None Remote Low Not required Complete Complete Complete
The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.
34 CVE-2016-4215 284 Bypass 2016-07-12 2016-07-19
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.
35 CVE-2016-4178 200 Bypass +Info 2016-07-12 2016-07-14
5.0
None Remote Low Not required Partial None None
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
36 CVE-2016-3985 284 Bypass 2016-04-11 2016-04-18
3.3
None Remote Low Multiple systems None Partial None
The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors.
37 CVE-2016-3984 284 Bypass 2016-04-08 2016-05-18
3.6
None Local Low Not required None Partial Partial
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.
38 CVE-2016-3983 345 Bypass 2016-04-08 2016-04-11
5.0
None Remote Low Not required None Partial None
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process.
39 CVE-2016-3750 20 Bypass 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application, aka internal bug 28395952.
40 CVE-2016-3748 264 Bypass 2016-07-10 2016-07-11
7.5
None Remote Low Not required Partial Partial Partial
The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804.
41 CVE-2016-3672 254 Bypass 2016-04-27 2016-07-19
4.6
None Local Low Not required Partial Partial Partial
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
42 CVE-2016-3287 254 Bypass 2016-07-12 2016-07-13
2.1
None Local Low Not required None Partial None
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka "Secure Boot Security Feature Bypass."
43 CVE-2016-3258 362 Bypass 2016-07-12 2016-07-13
1.2
None Local High Not required None Partial None
Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System Security Feature Bypass."
44 CVE-2016-3256 200 Bypass +Info 2016-07-12 2016-07-13
2.1
None Local Low Not required Partial None None
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability."
45 CVE-2016-3245 284 Bypass 2016-07-12 2016-07-13
4.3
None Remote Medium Not required None Partial None
Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass Vulnerability."
46 CVE-2016-3244 284 Bypass 2016-07-12 2016-07-13
4.3
None Remote Medium Not required Partial None None
Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."
47 CVE-2016-3216 200 Bypass +Info 2016-06-15 2016-06-16
4.3
None Remote Medium Not required Partial None None
GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability."
48 CVE-2016-3198 254 Bypass 2016-06-15 2016-06-16
4.3
None Remote Medium Not required None Partial None
Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass."
49 CVE-2016-3165 284 Bypass 2016-04-12 2016-04-12
5.0
None Remote Low Not required None Partial None
The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-side form definition.
50 CVE-2016-3162 284 Bypass 2016-04-12 2016-04-22
6.5
None Remote Low Single system Partial Partial Partial
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.
Total number of vulnerabilities : 4404   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.