4 matches found
GHSA-2M9R-PM7Q-WR6F GeniXCMS denial of service (account blockage)
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service account blockage by leveraging the mishandling of certain username substring relationships, such as the admin username versus the admin username, related to register.php, User.class.php, and Type.class.php...
UBUNTU-CVE-2019-11187
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...
CVE-2017-14231
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service account blockage by leveraging the mishandling of certain username substring relationships, such as the admin username versus the admin username, related to register.php, User.class.php, and Type.class.php...
CVE-2017-14231
GeniXCMS before 1.1.0 is vulnerable to denial of service (account blockage) caused by mishandling of certain username substring relationships (e.g., admin[removed] vs admin) in registration logic. The issue affects register.php, User.class.php, and Type.class.php, and can be triggered remotely to...