|
212721
|
7.5 |
HIGH
Network
|
deskpro
|
deskpro
|
An issue was discovered in Deskpro before 2019.8.0. The /api/email_accounts endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve cleartext credentials of all help…
|
CWE-862
Missing Authorization
|
CVE-2020-11463
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212722
|
5.4 |
MEDIUM
Network
|
netgate
|
pfsense
|
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11457
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212723
|
5.4 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
|
CWE-79
Cross-site Scripting
|
CVE-2020-11456
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212724
|
9.8 |
CRITICAL
Network
|
limesurvey
|
limesurvey
|
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
|
CWE-22
Path Traversal
|
CVE-2020-11455
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212725
|
7.5 |
HIGH
Network
|
technicolor
|
tc7337_firmware
|
An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-11449
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212726
|
5.3 |
MEDIUM
Network
|
tp-link
|
nc450_firmware
nc260_firmware
nc250_firmware
nc230_firmware
nc220_firmware
nc210_firmware
nc200_firmware
kc300s2_firmware
kc310s2_firmware
kc200_firmware
tapo_c200_firmw…
|
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.
|
NVD-CWE-noinfo
|
CVE-2020-11445
|
2024-11-21 13:57 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212727
|
6.1 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see…
|
CWE-74
Injection
|
CVE-2020-11441
|
2024-11-21 13:57 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212728
|
7.5 |
HIGH
Network
|
telerik
|
ui_for_silverlight
|
An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the …
|
CWE-22
Path Traversal
|
CVE-2020-11414
|
2024-11-21 13:57 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212729
|
7.8 |
HIGH
Local
|
psappdeploytoolkit
|
powershell_app_deployment_toolkit
|
In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enab…
|
NVD-CWE-Other
|
CVE-2020-10962
|
2024-11-21 13:56 |
2023-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212730
|
9.8 |
CRITICAL
Network
|
sierrawireless
|
airlink_mobility_manager
|
Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges.
|
NVD-CWE-noinfo
|
CVE-2020-11101
|
2024-11-21 13:56 |
2022-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
