|
211511
|
4.9 |
MEDIUM
Network
|
frogcms_project
|
frogcms
|
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.
|
CWE-22
Path Traversal
|
CVE-2020-25872
|
2024-11-21 14:18 |
2021-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211512
|
7.5 |
HIGH
Network
|
hcc-embedded
|
nichestack_ipv4
|
An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bound…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-25767
|
2024-11-21 14:18 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211513
|
9.8 |
CRITICAL
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-25566
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211514
|
9.8 |
CRITICAL
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25565
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211515
|
8.8 |
HIGH
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature.
|
CWE-863
Incorrect Authorization
|
CVE-2020-25564
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211516
|
9.8 |
CRITICAL
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a J…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-25563
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211517
|
6.5 |
MEDIUM
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent.
|
CWE-352
Origin Validation Error
|
CVE-2020-25562
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211518
|
7.8 |
HIGH
Local
|
sapphireims
|
sapphireims
|
SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25561
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211519
|
9.8 |
CRITICAL
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25560
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211520
|
7.8 |
HIGH
Local
|
acronis
|
true_image
|
Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.
|
NVD-CWE-noinfo
|
CVE-2020-25736
|
2024-11-21 14:18 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
