|
201721
|
6.1 |
MEDIUM
Network
|
maxum
|
rumpus
|
An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functiona…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8514
|
2024-11-21 14:38 |
2020-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201722
|
5.3 |
MEDIUM
Network
|
torproject
|
tor
|
The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to di…
|
NVD-CWE-noinfo
|
CVE-2020-8516
|
2024-11-21 14:38 |
2020-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201723
|
9.8 |
CRITICAL
Network
|
draytek
|
vigor2960_firmware
vigor300b_firmware
vigor3900_firmware
|
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacter…
|
CWE-78
OS Command
|
CVE-2020-8515
|
2024-11-21 14:38 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201724
|
6.1 |
MEDIUM
Network
|
icewarp
|
icewarp_server
|
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8512
|
2024-11-21 14:38 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201725
|
6.5 |
MEDIUM
Network
|
arox
|
school_management_software_php\/mysql
|
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
|
CWE-352
Origin Validation Error
|
CVE-2020-8505
|
2024-11-21 14:38 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201726
|
6.5 |
MEDIUM
Network
|
arox
|
school_management_software_php\/mysql
|
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.
|
CWE-352
Origin Validation Error
|
CVE-2020-8504
|
2024-11-21 14:38 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201727
|
6.5 |
MEDIUM
Network
|
biscom
|
secure_file_transfer
|
Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-uploa…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-8503
|
2024-11-21 14:38 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201728
|
4.3 |
MEDIUM
Network
|
zohocorp
|
manageengine_remote_access_plus
|
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined c…
|
NVD-CWE-noinfo
|
CVE-2020-8422
|
2024-11-21 14:38 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201729
|
9.8 |
CRITICAL
Network
|
simplejobscript
|
simplejobscript
|
controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-8440
|
2024-11-21 14:38 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201730
|
9.8 |
CRITICAL
Network
|
hashicorp
|
nomad
|
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-7956
|
2024-11-21 14:38 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
