|
196961
|
5.4 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5746
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196962
|
7.4 |
HIGH
Network
|
tecnick
|
tcexam
|
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
|
CWE-352
Origin Validation Error
|
CVE-2020-5745
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196963
|
4.9 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
|
CWE-22
Path Traversal
|
CVE-2020-5744
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196964
|
4.3 |
MEDIUM
Network
|
tecnick
|
tcexam
|
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-5743
|
2024-11-21 14:34 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196965
|
7.8 |
HIGH
Local
|
f5
|
nginx_controller
|
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the s…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-5895
|
2024-11-21 14:34 |
2020-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196966
|
8.1 |
HIGH
Network
|
f5
|
nginx_controller
|
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.
|
CWE-384
Session Fixation
|
CVE-2020-5894
|
2024-11-21 14:34 |
2020-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196967
|
6.5 |
MEDIUM
Network
|
blueonyx
|
5209r_firmware
|
CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis.
|
CWE-352
Origin Validation Error
|
CVE-2020-5517
|
2024-11-21 14:34 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196968
|
4.6 |
MEDIUM
Physics
|
simplisafe
|
ss3_firmware
|
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system.
|
CWE-287
Improper Authentication
|
CVE-2020-5727
|
2024-11-21 14:34 |
2020-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196969
|
6.7 |
MEDIUM
Local
|
f5
|
big-ip_access_policy_manager
big-ip_edge_gateway
big-ip_access_policy_manager_client
|
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.
|
NVD-CWE-noinfo
|
CVE-2020-5892
|
2024-11-21 14:34 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196970
|
5.5 |
MEDIUM
Local
|
f5
|
big-iq_centralized_management
big-ip_local_traffic_manager
big-ip_application_acceleration_manager
big-ip_advanced_firewall_manager
big-ip_analytics
big-ip_access_policy_manager
big…
|
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication o…
|
CWE-200
Information Exposure
|
CVE-2020-5890
|
2024-11-21 14:34 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
