|
210271
|
6.1 |
MEDIUM
Network
|
glpi-project
|
glpi
|
In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the applicat…
|
-
|
CVE-2020-15177
|
2024-11-21 14:05 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210272
|
9.1 |
CRITICAL
Network
|
glpi-project
|
glpi
|
In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for…
|
-
|
CVE-2020-15175
|
2024-11-21 14:05 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210273
|
3.5 |
LOW
Network
|
xmpp-http-upload_project
|
xmpp-http-upload
|
In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This …
|
-
|
CVE-2020-15239
|
2024-11-21 14:05 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210274
|
5.6 |
MEDIUM
Network
|
electronjs
|
electron
|
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `conte…
|
-
|
CVE-2020-15215
|
2024-11-21 14:05 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210275
|
7.5 |
HIGH
Network
|
electronjs
|
electron
|
In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be …
|
NVD-CWE-Other
|
CVE-2020-15174
|
2024-11-21 14:05 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210276
|
7.5 |
HIGH
Network
|
trustwave
debian
|
modsecurity
debian_linux
|
Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that ther…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-15598
|
2024-11-21 14:05 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210277
|
5.9 |
MEDIUM
Network
|
shrinerb
|
shrine
|
In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been f…
|
-
|
CVE-2020-15237
|
2024-11-21 14:05 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210278
|
7.5 |
HIGH
Network
|
ractf
|
core
|
In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6a…
|
-
|
CVE-2020-15235
|
2024-11-21 14:05 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210279
|
7.5 |
HIGH
Network
|
requarks
|
wiki.js
|
In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. A malicious user can potentially read a…
|
-
|
CVE-2020-15236
|
2024-11-21 14:05 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210280
|
4.8 |
MEDIUM
Network
|
ory
|
fosite
|
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 A…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2020-15234
|
2024-11-21 14:05 |
2020-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
