|
209901
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_adaudit_plus
manageengine_datasecurity_plus
|
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authent…
|
CWE-22
Path Traversal
|
CVE-2020-11531
|
2024-11-21 13:58 |
2020-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209902
|
9.8 |
CRITICAL
Network
|
idangero
|
chop_slider
|
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker t…
|
CWE-89
SQL Injection
|
CVE-2020-11530
|
2024-11-21 13:58 |
2020-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209903
|
5.5 |
MEDIUM
Local
|
techsmith
|
snagit
|
In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account.
|
CWE-611
XXE
|
CVE-2020-11541
|
2024-11-21 13:58 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209904
|
6.1 |
MEDIUM
Network
|
algolplus
|
advanced_order_export_for_woocommerce
|
A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the vie…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11727
|
2024-11-21 13:58 |
2020-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209905
|
6.1 |
MEDIUM
Network
|
zimbra
|
zimbra
|
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requ…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11737
|
2024-11-21 13:58 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209906
|
8.1 |
HIGH
Network
|
teampass
|
teampass
|
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via…
|
CWE-862
Missing Authorization
|
CVE-2020-11671
|
2024-11-21 13:58 |
2020-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209907
|
7.5 |
HIGH
Network
|
microfocus
|
verastream_host_integrator
|
Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows an unauthenti…
|
NVD-CWE-noinfo
|
CVE-2020-11842
|
2024-11-21 13:58 |
2020-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209908
|
6.5 |
MEDIUM
Network
|
saltstack
opensuse
debian
canonical
blackberry
vmware
|
salt
leap
debian_linux
ubuntu_linux
workspaces_server
application_remote_collector
|
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods …
|
CWE-22
Path Traversal
|
CVE-2020-11652
|
2024-11-21 13:58 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209909
|
9.8 |
CRITICAL
Network
|
saltstack
opensuse
debian
canonical
vmware
|
salt
leap
debian_linux
ubuntu_linux
application_remote_collector
|
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access…
|
NVD-CWE-Other
|
CVE-2020-11651
|
2024-11-21 13:58 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209910
|
8.8 |
HIGH
Network
|
opmantek
|
open-audit
|
An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11943
|
2024-11-21 13:58 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
