|
201321
|
7.4 |
HIGH
Network
|
fujixerox
|
easy_netprint
|
The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cra…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-5521
|
2024-11-21 14:34 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201322
|
7.4 |
HIGH
Network
|
fujixerox
|
netprint
|
The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ce…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-5520
|
2024-11-21 14:34 |
2020-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201323
|
7.9 |
HIGH
Adjacent
|
philips
|
hue_bridge_v2_firmware
|
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6007
|
2024-11-21 14:34 |
2020-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201324
|
5.3 |
MEDIUM
Network
|
vmware
oracle
|
spring_framework
flexcube_private_banking
insurance_policy_administration_j2ee
insurance_rules_palette
retail_service_backbone
retail_back_office
weblogic_server
application_test…
|
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) …
|
CWE-352
Origin Validation Error
|
CVE-2020-5397
|
2024-11-21 14:34 |
2020-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201325
|
7.5 |
HIGH
Network
|
vmware
oracle
netapp
|
spring_framework
flexcube_private_banking
insurance_policy_administration_j2ee
insurance_rules_palette
retail_service_backbone
retail_back_office
weblogic_server
application_test…
|
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it …
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-5398
|
2024-11-21 14:34 |
2020-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201326
|
6.5 |
MEDIUM
Network
|
phpbb
|
phpbb
|
phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.
|
CWE-352
Origin Validation Error
|
CVE-2020-5502
|
2024-11-21 14:34 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201327
|
4.3 |
MEDIUM
Network
|
phpbb
|
phpbb
|
phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.
|
CWE-352
Origin Validation Error
|
CVE-2020-5501
|
2024-11-21 14:34 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201328
|
7.2 |
HIGH
Network
|
phpgurukul
|
car_rental_portal
|
PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-5509
|
2024-11-21 14:34 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201329
|
9.8 |
CRITICAL
Network
|
vaaip
|
freelancy
|
Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI.
|
CWE-78
OS Command
|
CVE-2020-5505
|
2024-11-21 14:34 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201330
|
5.4 |
MEDIUM
Network
|
f5
|
big-ip_access_policy_manager
|
In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this c…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5853
|
2024-11-21 14:34 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
