|
210781
|
8.8 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands.
|
CWE-863
Incorrect Authorization
|
CVE-2020-14486
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
210782
|
8.8 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.
|
CWE-269
Improper Privilege Management
|
CVE-2020-14493
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
210783
|
6.1 |
MEDIUM
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14492
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
210784
|
8.8 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious u…
|
CWE-22
Path Traversal
|
CVE-2020-14490
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
210785
|
7.5 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-14489
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
210786
|
4.9 |
MEDIUM
Network
|
oracle netapp
|
mysql active_iq_unified_manager
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privi…
|
NVD-CWE-noinfo
|
CVE-2020-14725
|
2024-11-21 14:03 |
2020-07-25 |
|
|
|
|
210787
|
9.8 |
CRITICAL
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow u…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-14494
|
2024-11-21 14:03 |
2020-07-21 |
|
|
|
|
210788
|
6.5 |
MEDIUM
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information.
|
CWE-862
Missing Authorization
|
CVE-2020-14491
|
2024-11-21 14:03 |
2020-07-21 |
|
|
|
|
210789
|
9.8 |
CRITICAL
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow exec…
|
CWE-287
Improper Authentication
|
CVE-2020-14485
|
2024-11-21 14:03 |
2020-07-21 |
|
|
|
|
210790
|
9.8 |
CRITICAL
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-14484
|
2024-11-21 14:03 |
2020-07-21 |
|
|
|