|
208991
|
7.2 |
HIGH
Network
|
pluxxml
|
pluxxml
|
In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.
|
NVD-CWE-noinfo
|
CVE-2020-18184
|
2024-11-21 14:08 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208992
|
4.3 |
MEDIUM
Network
|
powerdns
|
authoritative
|
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialize…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-17482
|
2024-11-21 14:08 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208993
|
7.5 |
HIGH
Network
|
nec
|
expresscluster_x
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The spe…
|
-
|
CVE-2020-17408
|
2024-11-21 14:08 |
2020-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208994
|
5.4 |
MEDIUM
Network
|
fabbricadigitale
|
multiux
|
A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-17458
|
2024-11-21 14:08 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208995
|
8.8 |
HIGH
Adjacent
|
senstar
|
symphony
|
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The…
|
-
|
CVE-2020-17405
|
2024-11-21 14:08 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208996
|
6.1 |
MEDIUM
Network
|
forgerock
|
identity_manager
|
Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6.
|
CWE-79
Cross-site Scripting
|
CVE-2020-17465
|
2024-11-21 14:08 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208997
|
5.4 |
MEDIUM
Network
|
halo
|
halo
|
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19007
|
2024-11-21 14:08 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208998
|
5.7 |
MEDIUM
Network
|
zrlog
|
zrlog
|
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.
|
CWE-863
Incorrect Authorization
|
CVE-2020-19005
|
2024-11-21 14:08 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208999
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_studio_photo
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the …
|
-
|
CVE-2020-17404
|
2024-11-21 14:08 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209000
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_studio_photo
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the …
|
-
|
CVE-2020-17403
|
2024-11-21 14:08 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
