‼ CVE-2020-16106 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16105 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16107 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16114 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16108 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23356 ‼
📖 Read
via "National Vulnerability Database".
dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23352 ‼
📖 Read
via "National Vulnerability Database".
Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16110 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16115 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25312 ‼
📖 Read
via "National Vulnerability Database".
HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16113 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23355 ‼
📖 Read
via "National Vulnerability Database".
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16112 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16109 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25311 ‼
📖 Read
via "National Vulnerability Database".
condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23361 ‼
📖 Read
via "National Vulnerability Database".
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16111 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23360 ‼
📖 Read
via "National Vulnerability Database".
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23359 ‼
📖 Read
via "National Vulnerability Database".
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.📖 Read
via "National Vulnerability Database".
❌ Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline ❌
📖 Read
via "Threat Post".
Hundreds of servers and 1 million Emotet infections have been dismantled globally, while tales have emerged on Twitter that NetWalker's Dark Web leaks site is offline.📖 Read
via "Threat Post".
Threat Post
Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline
Hundreds of servers and 1 million Emotet infections have been dismantled globally, while authorities have taken NetWalker's Dark Web leaks site offline and charged a suspect.
❌ ADT Security Camera Flaw Opened Homes, Stores to Eavesdropping ❌
📖 Read
via "Threat Post".
Researchers publicly disclosed flaws in ADT's LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more.📖 Read
via "Threat Post".
Threat Post
ADT Security Camera Flaws Open Homes to Eavesdropping
Researchers publicly disclosed flaws in ADT's LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more.