|
210711
|
7.8 |
HIGH
Local
|
salesagility
|
suitecrm
|
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template o…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-15301
|
2024-11-21 14:05 |
2020-11-19 |
|
210712
|
7.8 |
HIGH
Local
|
binarynights
|
forklift
|
BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, mo…
|
CWE-862
Missing Authorization
|
CVE-2020-15349
|
2024-11-21 14:05 |
2020-11-17 |
|
210713
|
7.8 |
HIGH
Local
|
passmark
|
osforensics performancetest burnintest
|
An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privil…
|
NVD-CWE-noinfo
|
CVE-2020-15481
|
2024-11-21 14:05 |
2020-11-14 |
|
210714
|
5.4 |
MEDIUM
Network
|
moinmo
|
moinmoin
|
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user'…
|
-
|
CVE-2020-15275
|
2024-11-21 14:05 |
2020-11-12 |
|
210715
|
9.1 |
CRITICAL
Network
|
bitdefender
|
update_server
|
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-15297
|
2024-11-21 14:05 |
2020-11-9 |
|
210716
|
8.8 |
HIGH
Network
|
auth0
|
ad\/ldap_connector
|
ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if …
|
-
|
CVE-2020-15259
|
2024-11-21 14:05 |
2020-11-7 |
|
210717
|
8.7 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component…
|
-
|
CVE-2020-15276
|
2024-11-21 14:05 |
2020-10-31 |
|
210718
|
7.2 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-15277
|
2024-11-21 14:05 |
2020-10-31 |
|
210719
|
8.1 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registra…
|
-
|
CVE-2020-15273
|
2024-11-21 14:05 |
2020-10-31 |
|
210720
|
7.5 |
HIGH
Network
|
cogboard
|
red_discord_bot
|
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hiera…
|
-
|
CVE-2020-15278
|
2024-11-21 14:05 |
2020-10-29 |