|
214931
|
9.8 |
CRITICAL
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
|
CWE-22
Path Traversal
|
CVE-2020-11819
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214932
|
8.8 |
HIGH
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password…
|
CWE-352
Origin Validation Error
|
CVE-2020-11818
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214933
|
9.8 |
CRITICAL
Network
|
rukovoditel
|
rukovoditel
|
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.
|
CWE-89
SQL Injection
|
CVE-2020-11816
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214934
|
9.8 |
CRITICAL
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific at…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11815
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214935
|
5.4 |
MEDIUM
Network
|
qdpm
|
qdpm
|
A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites.
|
CWE-74
Injection
|
CVE-2020-11814
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214936
|
5.4 |
MEDIUM
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11813
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214937
|
9.8 |
CRITICAL
Network
|
rukovoditel
|
rukovoditel
|
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter.
|
CWE-89
SQL Injection
|
CVE-2020-11812
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214938
|
9.8 |
CRITICAL
Network
|
qdpm
|
qdpm
|
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbit…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11811
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214939
|
6.5 |
MEDIUM
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
|
NVD-CWE-noinfo
|
CVE-2020-11660
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214940
|
4.3 |
MEDIUM
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-11659
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
