| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Last modified | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 209611 | 8.8 | HIGH | Network | solarwinds | orion_network_performance_monitor, orion_web_performance_monitor | Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. | NVD-CWE-noinfo | CVE-2020-14005 | 2024-11-21 14:02 | 2020-06-24 |
| 209612 | 5.4 | MEDIUM | Network | paessler | prtg_network_monitor | XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScri… | CWE-79 (Cross-site Scripting) | CVE-2020-14073 | 2024-11-21 14:02 | 2020-06-24 |
| 209613 | 7.5 | HIGH | Network | rakuten | viber | Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication req… | CWE-88 (Argument Injection) | CVE-2020-14049 | 2024-11-21 14:02 | 2020-06-23 |
| 209614 | 8.8 | HIGH | Network | kordil_edms_project | kordil_edms | documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. | CWE-434 (Unrestricted Upload of File with Dangerous Type) | CVE-2020-13887 | 2024-11-21 14:02 | 2020-06-23 |
| 209615 | 5.4 | MEDIUM | Network | kordil_edms_project | kordil_edms | Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php. | CWE-79 (Cross-site Scripting) | CVE-2020-13888 | 2024-11-21 14:02 | 2020-06-23 |
| 209616 | 8.2 | HIGH | Network | ibi | webfocus_business_intelligence | In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps… | CWE-611 (XXE) | CVE-2020-14204 | 2024-11-21 14:02 | 2020-06-22 |
| 209617 | 8.8 | HIGH | Network | ibi | webfocus_business_intelligence | WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of a… | CWE-352 (Origin Validation Error) | CVE-2020-14203 | 2024-11-21 14:02 | 2020-06-22 |
| 209618 | 6.1 | MEDIUM | Network | ibi | webfocus_business_intelligence | WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. | CWE-79 (Cross-site Scripting) | CVE-2020-14202 | 2024-11-21 14:02 | 2020-06-22 |
| 209619 | 6.5 | MEDIUM | Network | strapi | strapi | Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafte… | CWE-20 (Improper Input Validation) | CVE-2020-13961 | 2024-11-21 14:02 | 2020-06-20 |
| 209620 | 7.8 | HIGH | Local | rtslib-fb_project | rtslib-fb | Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. | CWE-276 (Incorrect Default Permissions) | CVE-2020-14019 | 2024-11-21 14:02 | 2020-06-19 |