|
210811
|
8.8 |
HIGH
Network
|
mods-for-hesk
|
mods_for_hesk
|
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-13994
|
2024-11-21 14:02 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210812
|
7.5 |
HIGH
Network
|
mods-for-hesk
|
mods_for_hesk
|
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket.
|
CWE-89
SQL Injection
|
CVE-2020-13993
|
2024-11-21 14:02 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210813
|
6.1 |
MEDIUM
Network
|
mods-for-hesk
|
mods_for_hesk
|
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privil…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13992
|
2024-11-21 14:02 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210814
|
7.5 |
HIGH
Network
|
samba
fedoraproject
opensuse
debian
canonical
|
samba
fedora
leap
debian_linux
ubuntu_linux
|
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.
|
CWE-834
Excessive Iteration
|
CVE-2020-14303
|
2024-11-21 14:02 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210815
|
5.4 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
jira_data_center
|
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14173
|
2024-11-21 14:02 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210816
|
9.8 |
CRITICAL
Network
|
atlassian
|
jira
jira_software_data_center
|
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atl…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-14172
|
2024-11-21 14:02 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210817
|
9.8 |
CRITICAL
Network
|
ithemes
|
paypal_pro
|
The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2020-14092
|
2024-11-21 14:02 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210818
|
5.3 |
MEDIUM
Network
|
powerdns
|
recursor
|
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
|
CWE-863
Incorrect Authorization
|
CVE-2020-14196
|
2024-11-21 14:02 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210819
|
9.8 |
CRITICAL
Network
|
monstaftp
|
monsta_ftp
|
Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code exec…
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2020-14057
|
2024-11-21 14:02 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210820
|
9.8 |
CRITICAL
Network
|
monstaftp
|
monsta_ftp
|
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-14056
|
2024-11-21 14:02 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
