|
196751
|
8.8 |
HIGH
Network
|
topmanage
|
olk_webstore
|
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts.
|
CWE-352
Origin Validation Error
|
CVE-2020-6844
|
2024-11-21 14:36 |
2020-02-19 |
|
196752
|
6.1 |
MEDIUM
Network
|
miniorange
|
saml_sp_single_sign_on
|
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayStat…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6850
|
2024-11-21 14:36 |
2020-02-18 |
|
196753
|
5.5 |
MEDIUM
Local
|
mcafee
|
data_exchange_layer
|
Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via careful…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-7252
|
2024-11-21 14:36 |
2020-02-17 |
|
196754
|
5.4 |
MEDIUM
Network
|
codologic
|
codoforum
|
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is op…
|
CWE-79 CWE-732
Cross-site Scripting Incorrect Permission Assignment for Critical Resource
|
CVE-2020-7050
|
2024-11-21 14:36 |
2020-02-16 |
|
196755
|
5.5 |
MEDIUM
Local
|
mcafee
|
endpoint_security
|
Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthori…
|
CWE-863
Incorrect Authorization
|
CVE-2020-7251
|
2024-11-21 14:36 |
2020-02-15 |
|
196756
|
6.1 |
MEDIUM
Network
|
codologic
|
codoforum
|
Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeove…
|
CWE-79 CWE-732
Cross-site Scripting Incorrect Permission Assignment for Critical Resource
|
CVE-2020-7051
|
2024-11-21 14:36 |
2020-02-14 |
|
196757
|
9.8 |
CRITICAL
Network
|
hp
|
linuxki
|
LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution which is resolved in release 6.0-2.
|
NVD-CWE-noinfo
|
CVE-2020-7209
|
2024-11-21 14:36 |
2020-02-13 |
|
196758
|
6.1 |
MEDIUM
Network
|
hp
|
linuxki
|
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.
|
CWE-79
Cross-site Scripting
|
CVE-2020-7208
|
2024-11-21 14:36 |
2020-02-13 |
|
196759
|
6.2 |
MEDIUM
Network
|
digi
|
connectport_lts_32_mei_bios connectport_lts_32_mei_firmware
|
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause …
|
CWE-79
Cross-site Scripting
|
CVE-2020-6973
|
2024-11-21 14:36 |
2020-02-13 |
|
196760
|
4.9 |
MEDIUM
Network
|
digi
|
connectport_lts_32_mei_bios connectport_lts_32_mei_firmware
|
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a maliciou…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-6975
|
2024-11-21 14:36 |
2020-02-13 |