|
195991
|
7.8 |
HIGH
Local
|
trendmicro
|
password_manager
|
Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-8469
|
2024-11-21 14:38 |
2020-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195992
|
6.1 |
MEDIUM
Network
|
metagauss
|
registrationmagic
|
XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8436
|
2024-11-21 14:38 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195993
|
8.1 |
HIGH
Network
|
metagauss
|
registrationmagic
|
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.
|
CWE-89
SQL Injection
|
CVE-2020-8435
|
2024-11-21 14:38 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195994
|
7.5 |
HIGH
Network
|
puppet
|
puppet_server
puppetdb
puppet_enterprise
|
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource na…
|
NVD-CWE-noinfo
|
CVE-2020-7943
|
2024-11-21 14:38 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195995
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_desktop_central
|
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side reques…
|
CWE-611
CWE-918
XXE
Server-Side Request Forgery (SSRF)
|
CVE-2020-8540
|
2024-11-21 14:38 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195996
|
6.5 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit UR…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2020-8439
|
2024-11-21 14:38 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195997
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.
|
CWE-269
Improper Privilege Management
|
CVE-2020-8113
|
2024-11-21 14:38 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195998
|
8.8 |
HIGH
Network
|
phpipam
|
phpipam
|
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and function…
|
CWE-352
Origin Validation Error
|
CVE-2020-7988
|
2024-11-21 14:38 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195999
|
7.5 |
HIGH
Network
|
bittorrent
|
utorrent
|
The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-8437
|
2024-11-21 14:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196000
|
2.5 |
LOW
Local
|
suse
opensuse
|
linux_enterprise_server
leap
|
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for spe…
|
-
|
CVE-2020-8013
|
2024-11-21 14:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
