|
201511
|
5.0 |
MEDIUM
Network
|
nextcloud
novell
opensuse
|
nextcloud_server
suse_linux_enterprise_server
backports_sle
|
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-8118
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201512
|
4.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-8117
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201513
|
7.3 |
HIGH
Network
|
dot-prop_project
|
dot-prop
|
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as …
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-8116
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201514
|
6.1 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session …
|
CWE-79
Cross-site Scripting
|
CVE-2020-8115
|
2024-11-21 14:38 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201515
|
9.8 |
CRITICAL
Network
|
phpabook_project
|
phpabook
|
An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password.
|
CWE-287
Improper Authentication
|
CVE-2020-8510
|
2024-11-21 14:38 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201516
|
4.3 |
MEDIUM
Network
|
prototypejs
|
prototype
|
Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.
|
CWE-862
Missing Authorization
|
CVE-2020-7993
|
2024-11-21 14:38 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201517
|
9.8 |
CRITICAL
Network
|
norman
|
malware_cleaner
|
nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-8508
|
2024-11-21 14:38 |
2020-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201518
|
6.1 |
MEDIUM
Network
|
maxum
|
rumpus
|
An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functiona…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8514
|
2024-11-21 14:38 |
2020-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201519
|
5.3 |
MEDIUM
Network
|
torproject
|
tor
|
The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to di…
|
NVD-CWE-noinfo
|
CVE-2020-8516
|
2024-11-21 14:38 |
2020-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201520
|
9.8 |
CRITICAL
Network
|
draytek
|
vigor2960_firmware
vigor300b_firmware
vigor3900_firmware
|
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacter…
|
CWE-78
OS Command
|
CVE-2020-8515
|
2024-11-21 14:38 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
