Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23359 | PUBLISHED: 2021-01-27 | WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.
CVE-2020-23360 | PUBLISHED: 2021-01-27 | oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php
CVE-2020-23361 | PUBLISHED: 2021-01-27 | phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
CVE-2021-25311 | PUBLISHED: 2021-01-27 | condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.
CVE-2021-25312 | PUBLISHED: 2021-01-27 | HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.
User Rank: Apprentice
1/17/2014 | 8:31:12 AM
Continuous software delivery really demands continuous and automated security analysis of issues brought up in your article.