|
198671
|
7.8 |
HIGH
Local
|
druva
|
insync_client
|
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
|
CWE-22
Path Traversal
|
CVE-2020-5752
|
2024-11-21 14:34 |
2020-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198672
|
7.5 |
HIGH
Network
|
dell
|
emc_isilon_onefs
|
Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-5365
|
2024-11-21 14:34 |
2020-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198673
|
7.5 |
HIGH
Network
|
dell
|
emc_isilon_onefs
|
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read…
|
CWE-200
Information Exposure
|
CVE-2020-5364
|
2024-11-21 14:34 |
2020-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198674
|
5.3 |
MEDIUM
Network
|
signal
|
signal
private_messenger
|
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handlin…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2020-5753
|
2024-11-21 14:34 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198675
|
7.2 |
HIGH
Network
|
strangerstudios
|
paid_memberships_pro
|
SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2020-5579
|
2024-11-21 14:34 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198676
|
6.5 |
MEDIUM
Network
|
pivotal_software
vmware
|
spring_security
|
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-5408
|
2024-11-21 14:34 |
2020-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198677
|
6.1 |
MEDIUM
Network
|
pivotal_software
|
concourse
|
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth r…
|
CWE-601
Open Redirect
|
CVE-2020-5409
|
2024-11-21 14:34 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198678
|
8.8 |
HIGH
Network
|
sixapart
|
movable_type
|
Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) an…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-5577
|
2024-11-21 14:34 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198679
|
8.8 |
HIGH
Network
|
sixapart
|
movable_type
|
Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Ad…
|
CWE-352
Origin Validation Error
|
CVE-2020-5576
|
2024-11-21 14:34 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198680
|
6.1 |
MEDIUM
Network
|
sixapart
|
movable_type
|
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Mo…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5575
|
2024-11-21 14:34 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
