|
195911
|
6.1 |
MEDIUM
Network
|
ckeditor
fedoraproject
drupal
oracle
|
ckeditor
fedora
drupal
peoplesoft_enterprise_peopletools
webcenter_portal
agile_plm
application_express
jd_edwards_enterpriseone_tools
siebel_apps_-_customer_order_management<…
|
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with t…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9281
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195912
|
8.8 |
HIGH
Network
|
metagauss
|
registrationmagic
|
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_…
|
CWE-862
Missing Authorization
|
CVE-2020-9458
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195913
|
8.8 |
HIGH
Network
|
metagauss
|
registrationmagic
|
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_set…
|
CWE-862
Missing Authorization
|
CVE-2020-9457
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195914
|
8.8 |
HIGH
Network
|
metagauss
|
registrationmagic
|
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_r…
|
CWE-862
Missing Authorization
|
CVE-2020-9456
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195915
|
4.3 |
MEDIUM
Network
|
metagauss
|
registrationmagic
|
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php se…
|
CWE-862
Missing Authorization
|
CVE-2020-9455
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195916
|
8.8 |
HIGH
Network
|
metagauss
|
registrationmagic
|
A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, i…
|
CWE-352
Origin Validation Error
|
CVE-2020-9454
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195917
|
6.5 |
MEDIUM
Network
|
mi
|
miui_firmware
|
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induc…
|
CWE-94
Code Injection
|
CVE-2020-9530
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195918
|
7.3 |
HIGH
Adjacent
|
mi
|
miui_firmware
|
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files…
|
NVD-CWE-noinfo
|
CVE-2020-9531
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195919
|
7.8 |
HIGH
Local
|
redsoftware
|
pdfescape
|
An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking.
|
CWE-426
Untrusted Search Path
|
CVE-2020-9418
|
2024-11-21 14:40 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195920
|
7.5 |
HIGH
Network
|
d-link
|
dsl-2640b_firmware
|
An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface doesn't perform authentication checks for a firmware-update POST request. Any attacker that can access the…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-9544
|
2024-11-21 14:40 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
