17 matches found
EUVD-2018-12980
Malware in sbrugna...
EUVD-2018-12979
Malware in sbrugna...
Exploit for CVE-2024-9106
CVE-2024-9106 Wechat Social login = 1.3.0 - Authentication...
Discuz! DiscuzX file deletion vulnerability
Discuz! DiscuzX is an online forum system. A file deletion vulnerability exists in Discuz! DiscuzX version 3.4, which can be exploited by a remote attacker to delete the commonmemberwechatmp data structure by sending an ac=unbindmp request to the plugin.php page when wechat login is enabled...
Discuz! DiscuzX Authentication Bypass Vulnerability
Discuz! DiscuzX is an online forum system. An authentication bypass vulnerability exists in Discuz! DiscuzX version 3.4, which can be exploited by a remote attacker to bypass authentication and gain access to an account with the help of a non-empty wechatcommonmemberwechatmp when wechat login is...
CVE-2018-20423
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...
Authentication flaw
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...
CVE-2018-20423
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...
CVE-2018-20424
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the commonmemberwechatmp data structure via an ac=unbindmp request to plugin.php...
CVE-2018-20424
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the commonmemberwechatmp data structure via an ac=unbindmp request to plugin.php...
CVE-2018-20422
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...
Design/Logic Flaw
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...
Design/Logic Flaw
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the commonmemberwechatmp data structure via an ac=unbindmp request to plugin.php...
CVE-2018-20422
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...
CVE-2018-20422
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...
CVE-2018-20424
Discuz! DiscuzX 3.4 is vulnerable when WeChat login is enabled: a remote attacker can delete the common_member_wechatmp data structure by sending ac=unbindmp to plugin.php. This is documented in CVE-2018-20424 and CNVD-2018-26767, noting a remote deletion Impact. The provided sources do not inclu...
CVE-2018-20423
CVE-2018-20423 affects Discuz! DiscuzX 3.4 when WeChat login is enabled. A logic flaw in plugin.php ac=wxregister allows remote attackers to bypass the “disabled registration” setting by supplying a non-existent wxopenid value, enabling unauthorized registrations. Exploitation details are not pro...