| 209541 | 5.4 | MEDIUM | Network | ivanti | endpoint_manager | Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremain… | CWE-79 Cross-site Scripting | CVE-2020-13773 | 2024-11-21 14:01 | 2020-11-17 |
| 209542 | 5.3 | MEDIUM | Network | ivanti | endpoint_manager | In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no … | NVD-CWE-noinfo | CVE-2020-13772 | 2024-11-21 14:01 | 2020-11-17 |
| 209543 | 8.8 | HIGH | Network | ivanti | endpoint_manager | LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. | CWE-89 SQL Injection | CVE-2020-13769 | 2024-11-21 14:01 | 2020-11-17 |
| 209544 | 9.8 | CRITICAL | Network | rconfig | rconfig | lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. | CWE-269 Improper Privilege Management | CVE-2020-13638 | 2024-11-21 14:01 | 2020-11-14 |
| 209545 | 9.9 | CRITICAL | Network | ivanti | endpoint_manager | An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-13774 | 2024-11-21 14:01 | 2020-11-13 |
| 209546 | 7.8 | HIGH | Local | ivanti | endpoint_manager | Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (… | CWE-427 Uncontrolled Search Path Element | CVE-2020-13771 | 2024-11-21 14:01 | 2020-11-13 |
| 209547 | 7.8 | HIGH | Local | ivanti | endpoint_manager | Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the … | CWE-276 Incorrect Default Permissions | CVE-2020-13770 | 2024-11-21 14:01 | 2020-11-13 |
| 209548 | 7.8 | HIGH | Local | moxa | mxview | An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code … | CWE-276 Incorrect Default Permissions | CVE-2020-13537 | 2024-11-21 14:01 | 2020-11-6 |
| 209549 | 7.8 | HIGH | Local | moxa | mxview | An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code … | CWE-276 Incorrect Default Permissions | CVE-2020-13536 | 2024-11-21 14:01 | 2020-11-6 |
| 209550 | 8.8 | HIGH | Network | telerik | fiddler | Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the … | NVD-CWE-noinfo | CVE-2020-13661 | 2024-11-21 14:01 | 2020-11-6 |