|
196161
|
7.2 |
HIGH
Network
|
joyent
oracle
|
json
commerce_guided_search
timesten_in-memory_database
financial_services_regulatory_reporting_with_agilereporter
financial_services_crime_and_compliance_management_studio
|
This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.
|
CWE-78
OS Command
|
CVE-2020-7712
|
2024-11-21 14:37 |
2020-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196162
|
4.8 |
MEDIUM
Network
|
mcafee
|
application_and_change_control
|
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the …
|
CWE-79
Cross-site Scripting
|
CVE-2020-7309
|
2024-11-21 14:37 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196163
|
6.5 |
MEDIUM
Network
|
ericssonlg
|
ipecs
|
A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when hand…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-7824
|
2024-11-21 14:37 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196164
|
7.5 |
HIGH
Network
|
rapid7
|
metasploit
|
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbit…
|
CWE-22
Path Traversal
|
CVE-2020-7377
|
2024-11-21 14:37 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196165
|
9.8 |
CRITICAL
Network
|
rapid7
|
metasploit
|
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to…
|
CWE-22
Path Traversal
|
CVE-2020-7376
|
2024-11-21 14:37 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196166
|
8.1 |
HIGH
Network
|
mintegral
|
mintegraladsdk
|
This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-7705
|
2024-11-21 14:37 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196167
|
8.8 |
HIGH
Network
|
inogard
|
ebiz4u
|
A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via direct…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-7831
|
2024-11-21 14:37 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196168
|
7.5 |
HIGH
Network
|
goxmldsig_project
|
goxmldsig
|
This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-7711
|
2024-11-21 14:37 |
2020-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196169
|
9.8 |
CRITICAL
Network
|
safe-eval_project
|
safe-eval
|
This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine.
|
CWE-94
Code Injection
|
CVE-2020-7710
|
2024-11-21 14:37 |
2020-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196170
|
6.9 |
MEDIUM
Local
|
mcafee
|
total_protection
|
Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via man…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7310
|
2024-11-21 14:37 |
2020-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
