|
200871
|
4.3 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having acc…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-29603
|
2024-11-21 14:24 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200872
|
4.9 |
MEDIUM
Network
|
rsa
|
archer
|
Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather i…
|
NVD-CWE-noinfo
|
CVE-2020-29538
|
2024-11-21 14:24 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200873
|
5.4 |
MEDIUM
Network
|
rsa
|
archer
|
Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attack…
|
CWE-601
Open Redirect
|
CVE-2020-29537
|
2024-11-21 14:24 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200874
|
4.3 |
MEDIUM
Network
|
rsa
|
archer
|
Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in furth…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-29536
|
2024-11-21 14:24 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200875
|
5.4 |
MEDIUM
Network
|
rsa
|
archer
|
Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript cod…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29535
|
2024-11-21 14:24 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200876
|
3.9 |
LOW
Local
|
qemu
debian
|
qemu
debian_linux
|
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-29443
|
2024-11-21 14:24 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200877
|
6.5 |
MEDIUM
Network
|
atlassian
|
confluence_server
confluence_data_center
|
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload featu…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-29450
|
2024-11-21 14:24 |
2021-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200878
|
5.3 |
MEDIUM
Network
|
atlassian
|
crucible
fisheye
|
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected ver…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-29446
|
2024-11-21 14:24 |
2021-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200879
|
8.7 |
HIGH
Network
|
dell
|
emc_avamar_server
emc_integrated_data_protection_appliance
|
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the …
|
CWE-22
Path Traversal
|
CVE-2020-29494
|
2024-11-21 14:24 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200880
|
5.4 |
MEDIUM
Network
|
simplcommerce
|
simplcommerce
|
SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization o…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29587
|
2024-11-21 14:24 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
