|
213111
|
5.4 |
MEDIUM
Network
|
microstrategy
|
microstrategy_web
|
Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, …
|
CWE-79
Cross-site Scripting
|
CVE-2020-11454
|
2024-11-21 13:57 |
2020-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213112
|
7.2 |
HIGH
Network
|
microstrategy
|
microstrategy_web
|
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitabl…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11451
|
2024-11-21 13:57 |
2020-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213113
|
7.5 |
HIGH
Network
|
microstrategy
|
microstrategy_web
|
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerabi…
|
NVD-CWE-noinfo
|
CVE-2020-11450
|
2024-11-21 13:57 |
2020-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213114
|
4.9 |
MEDIUM
Network
|
misp
|
misp
|
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a …
|
NVD-CWE-noinfo
|
CVE-2020-11458
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213115
|
3.3 |
LOW
Local
|
zoom
|
meetings
|
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera ac…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-11470
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213116
|
7.8 |
HIGH
Local
|
zoom
|
meetings
|
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-11469
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213117
|
7.2 |
HIGH
Network
|
deskpro
|
deskpro
|
An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-11467
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213118
|
4.3 |
MEDIUM
Network
|
deskpro
|
deskpro
|
An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk…
|
CWE-269
Improper Privilege Management
|
CVE-2020-11466
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213119
|
8.8 |
HIGH
Network
|
deskpro
|
deskpro
|
An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* endpoints failed to properly validate a user's privilege, allowing an attacker to control/install helpdesk applications and leak cu…
|
CWE-862
Missing Authorization
|
CVE-2020-11465
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213120
|
4.3 |
MEDIUM
Network
|
deskpro
|
deskpro
|
An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users reg…
|
CWE-269
Improper Privilege Management
|
CVE-2020-11464
|
2024-11-21 13:57 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
