| 208291 | 8.0 | HIGH Network | databaseschemareader_project | dbschemareader | DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a … | - | CVE-2020-26207 | 2024-11-21 14:19 | 2020-11-5 |
| 208292 | 9.8 | CRITICAL Network | thedaylightstudio | fuel_cms | In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | NVD-CWE-noinfo | CVE-2020-26167 | 2024-11-21 14:19 | 2020-11-5 |
| 208293 | 8.7 | HIGH Network | bookstackapp | bookstack | In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context… | - | CVE-2020-26211 | 2024-11-21 14:19 | 2020-11-4 |
| 208294 | 8.7 | HIGH Network | bookstackapp | bookstack | In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous con… | - | CVE-2020-26210 | 2024-11-21 14:19 | 2020-11-4 |
| 208295 | 5.4 | MEDIUM Network | sal_project | sal | Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view. | - | CVE-2020-26205 | 2024-11-21 14:19 | 2020-10-30 |
| 208296 | 7.8 | HIGH Local | dual_dhcp_dns_server_project | dual_dhcp_dns_server | An issue was discovered in Dual DHCP DNS Server 7.40. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the DualServer.exe… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2020-26133 | 2024-11-21 14:19 | 2020-10-29 |
| 208297 | 7.8 | HIGH Local | home_dns_server_project | home_dns_server | An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe b… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2020-26132 | 2024-11-21 14:19 | 2020-10-29 |
| 208298 | 7.8 | HIGH Local | open_dhcp_server_project | open_dhcp_server | Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can ele… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2020-26131 | 2024-11-21 14:19 | 2020-10-29 |
| 208299 | 7.8 | HIGH Local | open_tftp_server_project | open_tftp_server | Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can ele… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2020-26130 | 2024-11-21 14:19 | 2020-10-29 |
| 208300 | 7.5 | HIGH Network | sectona | spectra | Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties … | CWE-306 Missing Authentication for Critical Function | CVE-2020-25966 | 2024-11-21 14:19 | 2020-10-29 |