|
200041
|
6.5 |
MEDIUM
Network
|
iris
|
star_practice_management
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audi…
|
NVD-CWE-noinfo
|
CVE-2020-28406
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200042
|
8.8 |
HIGH
Network
|
iris
|
star_practice_management
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be u…
|
NVD-CWE-noinfo
|
CVE-2020-28405
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200043
|
6.5 |
MEDIUM
Network
|
iris
|
star_practice_management
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.
|
NVD-CWE-noinfo
|
CVE-2020-28404
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200044
|
8.8 |
HIGH
Network
|
iris
|
star
|
A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be …
|
CWE-352
Origin Validation Error
|
CVE-2020-28403
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200045
|
8.8 |
HIGH
Network
|
iris
|
star_practice_management
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.
|
NVD-CWE-noinfo
|
CVE-2020-28402
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200046
|
6.5 |
MEDIUM
Network
|
iris
|
star_practice_management
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.
|
NVD-CWE-noinfo
|
CVE-2020-28401
|
2024-11-21 14:22 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200047
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
ecostruxure_operator_terminal_expert
pro-face_blue
|
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution whe…
|
-
|
CVE-2020-28221
|
2024-11-21 14:22 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200048
|
6.8 |
MEDIUM
Network
|
visjs
|
vis-timeline
|
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28487
|
2024-11-21 14:22 |
2021-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200049
|
7.1 |
HIGH
Network
|
gin-gonic
|
gin
|
This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-28483
|
2024-11-21 14:22 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200050
|
8.8 |
HIGH
Network
|
softwaremill
|
akka-http-session
|
This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-…
|
CWE-352
Origin Validation Error
|
CVE-2020-28452
|
2024-11-21 14:22 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
