|
195891
|
6.1 |
MEDIUM
Network
|
zulipchat
|
zulip_desktop
|
Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9443
|
2024-11-21 14:40 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195892
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_password_manager_pro
|
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the …
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-9347
|
2024-11-21 14:40 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195893
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_password_manager_pro
|
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.
|
CWE-352
Origin Validation Error
|
CVE-2020-9346
|
2024-11-21 14:40 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195894
|
6.5 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-9472
|
2024-11-21 14:40 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195895
|
8.8 |
HIGH
Network
|
umbraco
|
umbraco_cms
|
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-9471
|
2024-11-21 14:40 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195896
|
7.5 |
HIGH
Network
|
traefik
|
traefik
|
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-9321
|
2024-11-21 14:40 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195897
|
5.3 |
MEDIUM
Network
|
microfocus
|
service_manager
|
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to all…
|
NVD-CWE-noinfo
|
CVE-2020-9518
|
2024-11-21 14:40 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195898
|
5.3 |
MEDIUM
Network
|
microfocus
|
service_manager
|
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploit…
|
NVD-CWE-noinfo
|
CVE-2020-9519
|
2024-11-21 14:40 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195899
|
7.8 |
HIGH
Local
|
fortinet
|
forticlient
forticlient_virtual_private_network
|
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-9290
|
2024-11-21 14:40 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195900
|
7.8 |
HIGH
Local
|
fortinet
|
forticlient_emergency_management_server
|
An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides t…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-9287
|
2024-11-21 14:40 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
