| # | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 202501 | 4.3 | MEDIUM | Network | zohocorp | manageengine_remote_access_plus | An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined c… | NVD-CWE-noinfo | CVE-2020-8422 | 2024-11-21 14:38 | 2020-02-1 |
| 202502 | 9.8 | CRITICAL | Network | simplejobscript | simplejobscript | controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-8440 | 2024-11-21 14:38 | 2020-01-31 |
| 202503 | 9.8 | CRITICAL | Network | hashicorp | nomad | HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. | CWE-295 Improper Certificate Validation | CVE-2020-7956 | 2024-11-21 14:38 | 2020-01-31 |
| 202504 | 5.3 | MEDIUM | Network | hashicorp | consul | HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. | CWE-863 Incorrect Authorization | CVE-2020-7955 | 2024-11-21 14:38 | 2020-01-31 |
| 202505 | 7.5 | HIGH | Network | jetbrains | intellij_idea | In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3. | NVD-CWE-noinfo | CVE-2020-7914 | 2024-11-21 14:38 | 2020-01-31 |
| 202506 | 5.4 | MEDIUM | Network | gistpress_project | gistpress | XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor … | CWE-79 Cross-site Scripting | CVE-2020-8498 | 2024-11-21 14:38 | 2020-01-31 |
| 202507 | 4.8 | MEDIUM | Network | kronos | web_time_and_attendance | In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as … | CWE-79 Cross-site Scripting | CVE-2020-8496 | 2024-11-21 14:38 | 2020-01-31 |
| 202508 | 7.5 | HIGH | Network | kronos | web_time_and_attendance | In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unaut… | CWE-862 Missing Authorization | CVE-2020-8495 | 2024-11-21 14:38 | 2020-01-31 |
| 202509 | 8.8 | HIGH | Network | kronos | web_time_and_attendance | In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privil… | NVD-CWE-noinfo | CVE-2020-8494 | 2024-11-21 14:38 | 2020-01-31 |
| 202510 | 4.8 | MEDIUM | Network | kronos | web_time_and_attendance | A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instruction… | CWE-79 Cross-site Scripting | CVE-2020-8493 | 2024-11-21 14:38 | 2020-01-31 |