|
210041
|
6.1 |
MEDIUM
Network
|
open_upload_project
|
open_upload
|
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11712
|
2024-11-21 13:58 |
2020-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210042
|
7.5 |
HIGH
Network
|
cpp-httplib_project
|
cpp-httplib
|
cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some …
|
CWE-74
Injection
|
CVE-2020-11709
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210043
|
9.8 |
CRITICAL
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE() feature, which is for execu…
|
CWE-269
Improper Privilege Management
|
CVE-2020-11708
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210044
|
8.8 |
HIGH
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user (non-admin) can craft a Jun…
|
CWE-863
Incorrect Authorization
|
CVE-2020-11707
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210045
|
8.8 |
HIGH
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users;…
|
CWE-352
Origin Validation Error
|
CVE-2020-11706
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210046
|
9.8 |
CRITICAL
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the …
|
CWE-22
Path Traversal
|
CVE-2020-11705
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210047
|
6.1 |
MEDIUM
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. Get…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11704
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210048
|
7.5 |
HIGH
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter.
|
CWE-74
Injection
|
CVE-2020-11703
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210049
|
6.1 |
MEDIUM
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collab…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11702
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210050
|
8.8 |
HIGH
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting fi…
|
CWE-352
Origin Validation Error
|
CVE-2020-11701
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
