| 196111 | 6.1 | MEDIUM Network | horde | groupware gollem | Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the b… | CWE-79 Cross-site Scripting | CVE-2020-8034 | 2024-11-21 14:38 | 2020-05-19 |
| 196112 | 6.1 | MEDIUM Network | horde | groupware | The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload.… | CWE-79 Cross-site Scripting | CVE-2020-8035 | 2024-11-21 14:38 | 2020-05-19 |
| 196113 | 9.8 | CRITICAL Network | logkitty_project | logkitty | Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. | CWE-94 Code Injection | CVE-2020-8149 | 2024-11-21 14:38 | 2020-05-16 |
| 196114 | 7.5 | HIGH Network | bitdefender | engines | Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This… | CWE-20 Improper Input Validation | CVE-2020-8100 | 2024-11-21 14:38 | 2020-05-15 |
| 196115 | 6.1 | MEDIUM Network | opensuse debian | open_build_service debian_linux | An Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-bu… | - | CVE-2020-8020 | 2024-11-21 14:38 | 2020-05-14 |
| 196116 | 9.8 | CRITICAL Network | rubyonrails debian | actionpack_page-caching debian_linux | There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can w… | CWE-22 Path Traversal | CVE-2020-8159 | 2024-11-21 14:38 | 2020-05-12 |
| 196117 | 7.0 | HIGH Network | nextcloud fedoraproject | mail fedora | A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. | CWE-295 Improper Certificate Validation | CVE-2020-8156 | 2024-11-21 14:38 | 2020-05-12 |
| 196118 | 5.4 | MEDIUM Network | nextcloud | nextcloud_server | An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | CWE-79 Cross-site Scripting | CVE-2020-8155 | 2024-11-21 14:38 | 2020-05-12 |
| 196119 | 7.7 | HIGH Network | nextcloud | nextcloud_server | An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2020-8154 | 2024-11-21 14:38 | 2020-05-12 |
| 196120 | 8.1 | HIGH Network | nextcloud fedoraproject | group_folders fedora | Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when renaming an accessible item to the same name. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2020-8153 | 2024-11-21 14:38 | 2020-05-12 |