|
210381
|
5.9 |
MEDIUM
Network
|
owncloud
|
owncloud
|
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
|
CWE-287
Improper Authentication
|
CVE-2020-10254
|
2024-11-21 13:55 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210382
|
8.3 |
HIGH
Network
|
owncloud
|
owncloud
|
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (a…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-10252
|
2024-11-21 13:55 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210383
|
3.3 |
LOW
Local
|
redhat
|
keycloak
single_sign-on
jboss_fuse
openshift_application_runtimes
|
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift App…
|
-
|
CVE-2020-10734
|
2024-11-21 13:55 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210384
|
7.5 |
HIGH
Network
|
psyprax
|
psyprax
|
An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAA…
|
CWE-326
CWE-522
Inadequate Encryption Strength
Insufficiently Protected Credentials
|
CVE-2020-10554
|
2024-11-21 13:55 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210385
|
5.5 |
MEDIUM
Local
|
psyprax
|
psyprax
|
An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the l…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-10553
|
2024-11-21 13:55 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210386
|
8.1 |
HIGH
Network
|
psyprax
|
psyprax
|
An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read …
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2020-10552
|
2024-11-21 13:55 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210387
|
5.5 |
MEDIUM
Local
|
newmediacompany
|
smarty
|
An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated password…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2020-10375
|
2024-11-21 13:55 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210388
|
6.5 |
MEDIUM
Network
|
iobit
|
advanced_systemcare
|
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode …
|
NVD-CWE-noinfo
|
CVE-2020-10234
|
2024-11-21 13:55 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210389
|
9.8 |
CRITICAL
Network
|
epikur
|
epikur
|
An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash stor…
|
CWE-287
Improper Authentication
|
CVE-2020-10539
|
2024-11-21 13:55 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210390
|
5.5 |
MEDIUM
Local
|
epikur
|
epikur
|
An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purpose…
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2020-10538
|
2024-11-21 13:55 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
