|
197471
|
5.1 |
MEDIUM
Network
|
octobercms
|
october
|
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `Impo…
|
CWE-77
Command Injection
|
CVE-2020-5299
|
2024-11-21 14:33 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197472
|
2.7 |
LOW
Network
|
octobercms
|
october
|
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, wof…
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2020-5297
|
2024-11-21 14:33 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197473
|
4.9 |
MEDIUM
Network
|
octobercms
|
october
|
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vul…
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2020-5296
|
2024-11-21 14:33 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197474
|
4.9 |
MEDIUM
Network
|
octobercms
|
october
|
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability i…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2020-5295
|
2024-11-21 14:33 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197475
|
6.0 |
MEDIUM
Local
|
dell
|
dock_wd15_firmware
dock_wd19_firmware
thunderbolt_dock_tb16_firmware
precision_dual_usb-c_thunderbolt_dock_-_tb18dc_firmware
|
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-5357
|
2024-11-21 14:33 |
2020-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197476
|
5.3 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using thi…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-5248
|
2024-11-21 14:33 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197477
|
7.8 |
HIGH
Local
|
dell
|
os_recovery_image_for_microsoft_windows_10
|
Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user wi…
|
CWE-863
Incorrect Authorization
|
CVE-2020-5343
|
2024-11-21 14:33 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197478
|
6.1 |
MEDIUM
Network
|
rsa
|
archer
|
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users t…
|
CWE-601
Open Redirect
|
CVE-2020-5337
|
2024-11-21 14:33 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197479
|
6.1 |
MEDIUM
Network
|
rsa
|
archer
|
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. An unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user t…
|
CWE-74
Injection
|
CVE-2020-5336
|
2024-11-21 14:33 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197480
|
8.8 |
HIGH
Network
|
rsa
|
archer
|
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim…
|
CWE-352
Origin Validation Error
|
CVE-2020-5335
|
2024-11-21 14:33 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
