|
210851
|
8.8 |
HIGH
Network
|
kordil_edms_project
|
kordil_edms
|
documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-13887
|
2024-11-21 14:02 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210852
|
5.4 |
MEDIUM
Network
|
kordil_edms_project
|
kordil_edms
|
Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13888
|
2024-11-21 14:02 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210853
|
8.2 |
HIGH
Network
|
ibi
|
webfocus_business_intelligence
|
In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps…
|
CWE-611
XXE
|
CVE-2020-14204
|
2024-11-21 14:02 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210854
|
8.8 |
HIGH
Network
|
ibi
|
webfocus_business_intelligence
|
WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of a…
|
CWE-352
Origin Validation Error
|
CVE-2020-14203
|
2024-11-21 14:02 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210855
|
6.1 |
MEDIUM
Network
|
ibi
|
webfocus_business_intelligence
|
WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14202
|
2024-11-21 14:02 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210856
|
6.5 |
MEDIUM
Network
|
strapi
|
strapi
|
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafte…
|
CWE-20
Improper Input Validation
|
CVE-2020-13961
|
2024-11-21 14:02 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210857
|
7.8 |
HIGH
Local
|
rtslib-fb_project
|
rtslib-fb
|
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-14019
|
2024-11-21 14:02 |
2020-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210858
|
4.2 |
MEDIUM
Local
|
cisofy
fedoraproject
|
lynis
fedora
|
CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed l…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-13882
|
2024-11-21 14:02 |
2020-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210859
|
8.1 |
HIGH
Adjacent
|
abus
|
secvest_wireless_control_fube50001_firmware
|
The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-14157
|
2024-11-21 14:02 |
2020-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210860
|
7.5 |
HIGH
Network
|
golang
fedoraproject
|
text
fedora
|
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An a…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-14040
|
2024-11-21 14:02 |
2020-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
