| 196161 | 7.8 | HIGH Local | exim | exim | A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exi… | - | CVE-2020-8015 | 2024-11-21 14:38 | 2020-04-2 |
| 196162 | 7.8 | HIGH Local | ui | unifi_video | In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsE… | CWE-427 Uncontrolled Search Path Element | CVE-2020-8146 | 2024-11-21 14:38 | 2020-04-2 |
| 196163 | 6.5 | MEDIUM Network | ui | unifi_video | The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belongi… | NVD-CWE-noinfo | CVE-2020-8145 | 2024-11-21 14:38 | 2020-04-2 |
| 196164 | 8.4 | HIGH Adjacent | ui | unifi_video | The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure t… | CWE-22 Path Traversal | CVE-2020-8144 | 2024-11-21 14:38 | 2020-04-2 |
| 196165 | 8.8 | HIGH Network | auth0 | login_by_auth0 | An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference. | NVD-CWE-Other | CVE-2020-7948 | 2024-11-21 14:38 | 2020-04-1 |
| 196166 | 9.8 | CRITICAL Network | auth0 | login_by_auth0 | An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the da… | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2020-7947 | 2024-11-21 14:38 | 2020-04-1 |
| 196167 | 7.5 | HIGH Network | zohocorp | manageengine_desktop_central | Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. | CWE-306 Missing Authentication for Critical Function | CVE-2020-8509 | 2024-11-21 14:38 | 2020-03-31 |
| 196168 | 5.4 | MEDIUM Network | totemo | totemomail | An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2020-7918 | 2024-11-21 14:38 | 2020-03-27 |
| 196169 | 7.7 | HIGH Network | puppet | continuous_delivery | In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analy… | CWE-200 Information Exposure | CVE-2020-7944 | 2024-11-21 14:38 | 2020-03-27 |
| 196170 | 7.2 | HIGH Network | artica | pandora_fms | In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-8511 | 2024-11-21 14:38 | 2020-03-24 |