|
209501
|
5.4 |
MEDIUM
Network
|
moinmo
|
moinmoin
|
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious JavaScript. This JavaScript will be executed in a user'…
|
-
|
CVE-2020-15275
|
2024-11-21 14:05 |
2020-11-12 |
|
209502
|
9.1 |
CRITICAL
Network
|
bitdefender
|
update_server
|
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-15297
|
2024-11-21 14:05 |
2020-11-9 |
|
209503
|
8.8 |
HIGH
Network
|
auth0
|
ad\/ldap_connector
|
ad-ldap-connector's admin panel before version 5.0.13 does not provide CSRF protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if …
|
-
|
CVE-2020-15259
|
2024-11-21 14:05 |
2020-11-7 |
|
209504
|
8.7 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component…
|
-
|
CVE-2020-15276
|
2024-11-21 14:05 |
2020-10-31 |
|
209505
|
7.2 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-15277
|
2024-11-21 14:05 |
2020-10-31 |
|
209506
|
8.1 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registra…
|
-
|
CVE-2020-15273
|
2024-11-21 14:05 |
2020-10-31 |
|
209507
|
7.5 |
HIGH
Network
|
cogboard
|
red_discord_bot
|
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hiera…
|
-
|
CVE-2020-15278
|
2024-11-21 14:05 |
2020-10-29 |
|
209508
|
7.0 |
HIGH
Local
|
blueman_project debian fedoraproject
|
blueman debian_linux fedora
|
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depe…
|
CWE-88
Argument Injection
|
CVE-2020-15238
|
2024-11-21 14:05 |
2020-10-28 |
|
209509
|
7.2 |
HIGH
Network
|
pulsesecure ivanti
|
pulse_connect_secure connect_secure pulse_policy_secure policy_secure
|
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forg…
|
CWE-611
XXE
|
CVE-2020-15352
|
2024-11-21 14:05 |
2020-10-27 |
|
209510
|
5.4 |
MEDIUM
Network
|
requarks
|
wiki.js
|
In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual …
|
-
|
CVE-2020-15274
|
2024-11-21 14:05 |
2020-10-27 |