|
211921
|
9.8 |
CRITICAL
Network
|
oscommerce
|
oscommerce
|
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/passw…
|
CWE-697
Incorrect Comparison
|
CVE-2020-23360
|
2024-11-21 14:13 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211922
|
9.8 |
CRITICAL
Network
|
webidsupport
|
webid
|
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can…
|
CWE-697
Incorrect Comparison
|
CVE-2020-23359
|
2024-11-21 14:13 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211923
|
7.5 |
HIGH
Network
|
nibbleblog
|
nibbleblog
|
dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followe…
|
NVD-CWE-noinfo
|
CVE-2020-23356
|
2024-11-21 14:13 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211924
|
7.5 |
HIGH
Network
|
codiad
|
codiad
|
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords f…
|
NVD-CWE-noinfo
|
CVE-2020-23355
|
2024-11-21 14:13 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211925
|
7.5 |
HIGH
Network
|
zblogcn
|
z-blogphp
|
Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_inp…
|
NVD-CWE-Other
|
CVE-2020-23352
|
2024-11-21 14:13 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211926
|
7.5 |
HIGH
Network
|
newbee-mall_project
|
newbee-mall
|
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information t…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-23449
|
2024-11-21 14:13 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211927
|
9.8 |
CRITICAL
Network
|
newbee-mall_project
|
newbee-mall
|
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code…
|
CWE-306
CWE-706
Missing Authentication for Critical Function
Use of Incorrectly-Resolved Name or Reference
|
CVE-2020-23448
|
2024-11-21 14:13 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211928
|
6.1 |
MEDIUM
Network
|
newbee-mall_project
|
newbee-mall
|
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23447
|
2024-11-21 14:13 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211929
|
9.8 |
CRITICAL
Network
|
mingsoft
|
mcms
|
An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.
|
CWE-89
SQL Injection
|
CVE-2020-23262
|
2024-11-21 14:13 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211930
|
7.5 |
HIGH
Network
|
pyres
|
termod4_firmware
|
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-23162
|
2024-11-21 14:13 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
