|
208301
|
6.1 |
MEDIUM
Network
|
octopus
|
octopus_deploy
|
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
|
CWE-601
Open Redirect
|
CVE-2020-26161
|
2024-11-21 14:19 |
2020-10-27 |
|
208302
|
6.5 |
MEDIUM
Network
|
dell
|
emc_networker
|
Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-26183
|
2024-11-21 14:19 |
2020-10-17 |
|
208303
|
6.5 |
MEDIUM
Network
|
dell
|
emc_networker
|
Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' r…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-26182
|
2024-11-21 14:19 |
2020-10-17 |
|
208304
|
6.1 |
MEDIUM
Network
|
xerox
|
workcentre_ec7836_firmware workcentre_ec7856_firmware
|
Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages.
|
CWE-79
Cross-site Scripting
|
CVE-2020-26162
|
2024-11-21 14:19 |
2020-10-9 |
|
208305
|
5.5 |
MEDIUM
Local
|
kde opensuse
|
kdeconnect leap backports_sle
|
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a De…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-26164
|
2024-11-21 14:19 |
2020-10-8 |
|
208306
|
8.1 |
HIGH
Network
|
monocms
|
monocms
|
MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted).
|
CWE-22
Path Traversal
|
CVE-2020-25985
|
2024-11-21 14:19 |
2020-10-7 |
|
208307
|
7.5 |
HIGH
Network
|
monocms
|
monocms
|
MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-25987
|
2024-11-21 14:19 |
2020-10-6 |
|
208308
|
6.5 |
MEDIUM
Network
|
monocms
|
monocms
|
A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user.
|
CWE-352
Origin Validation Error
|
CVE-2020-25986
|
2024-11-21 14:19 |
2020-10-6 |
|
208309
|
8.8 |
HIGH
Network
|
cuppacms
|
cuppacms
|
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function prov…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26048
|
2024-11-21 14:19 |
2020-10-6 |
|
208310
|
7.5 |
HIGH
Network
|
clickstudios
|
passwordstate
|
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfu…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-26061
|
2024-11-21 14:19 |
2020-10-5 |