|
199221
|
7.2 |
HIGH
Network
|
rsa
|
archer
|
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability t…
|
CWE-78
OS Command
|
CVE-2020-5332
|
2024-11-21 14:33 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199222
|
5.5 |
MEDIUM
Local
|
rsa
|
archer
|
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious…
|
CWE-200
Information Exposure
|
CVE-2020-5331
|
2024-11-21 14:33 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199223
|
3.1 |
LOW
Network
|
simplesamlphp
|
simplesamlphp
|
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to ide…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2020-5301
|
2024-11-21 14:33 |
2020-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199224
|
7.3 |
HIGH
Network
|
sustainsys
|
saml2
|
In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as b…
|
CWE-287
Improper Authentication
|
CVE-2020-5268
|
2024-11-21 14:33 |
2020-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199225
|
6.5 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.
|
CWE-863
Incorrect Authorization
|
CVE-2020-5293
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199226
|
6.5 |
MEDIUM
Network
|
prestashop
|
prestashop
|
"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5.
|
CWE-863
Incorrect Authorization
|
CVE-2020-5288
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199227
|
6.5 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5.
|
CWE-863
Incorrect Authorization
|
CVE-2020-5287
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199228
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5286
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199229
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5285
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199230
|
6.5 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ …
|
CWE-863
Incorrect Authorization
|
CVE-2020-5279
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
