|
210671
|
8.8 |
HIGH
Network
|
opmantek
|
open-audit
|
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
|
CWE-78
OS Command
|
CVE-2020-11941
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210672
|
6.1 |
MEDIUM
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11822
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210673
|
5.3 |
MEDIUM
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-11821
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210674
|
9.8 |
CRITICAL
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specif…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11817
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210675
|
3.7 |
LOW
Network
|
openvpn
debian
fedoraproject
|
openvpn
debian_linux
fedora
|
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arri…
|
CWE-362
Race Condition
|
CVE-2020-11810
|
2024-11-21 13:58 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210676
|
9.8 |
CRITICAL
Network
|
squid-cache
debian
opensuse
fedoraproject
canonical
|
squid
debian_linux
leap
fedora
ubuntu_linux
|
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the att…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-11945
|
2024-11-21 13:58 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210677
|
7.5 |
HIGH
Network
|
ntop
|
ndpi
|
In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment m…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-11940
|
2024-11-21 13:58 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210678
|
9.8 |
CRITICAL
Network
|
ntop
|
ndpi
|
In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular natu…
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-11939
|
2024-11-21 13:58 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210679
|
5.9 |
MEDIUM
Network
|
mailstore
|
mailstore_server
|
In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-11806
|
2024-11-21 13:58 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210680
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-11649
|
2024-11-21 13:58 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
