| 210901 | 5.4 | MEDIUM | Network | pydio | cells | In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous u… | CWE-287 Improper Authentication | CVE-2020-12848 | 2024-11-21 14:00 | 2020-06-5 |
| 210902 | 6.1 | MEDIUM | Network | pydio | cells | Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells. | CWE-79 Cross-site Scripting | CVE-2020-12853 | 2024-11-21 14:00 | 2020-06-5 |
| 210903 | 8.1 | HIGH | Network | pydio | cells | Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging… | CWE-22 Path Traversal | CVE-2020-12851 | 2024-11-21 14:00 | 2020-06-5 |
| 210904 | 6.8 | MEDIUM | Network | pydio | cells | The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves dow… | CWE-20 Improper Input Validation | CVE-2020-12852 | 2024-11-21 14:00 | 2020-06-5 |
| 210905 | 7.2 | HIGH | Network | pydio | cells | Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the po… | NVD-CWE-noinfo | CVE-2020-12847 | 2024-11-21 14:00 | 2020-06-5 |
| 210906 | 5.9 | MEDIUM | Network | djangoproject canonical fedoraproject netapp debian oracle | django ubuntu_linux fedora steelstore_cloud_integrated_storage sra_plugin debian_linux zfs_storage_appliance_kit | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collis… | CWE-295 Improper Certificate Validation | CVE-2020-13254 | 2024-11-21 14:00 | 2020-06-3 |
| 210907 | 8.0 | HIGH | Network | synacor | zimbra_collaboration_suite | Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can up… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-12846 | 2024-11-21 14:00 | 2020-06-4 |
| 210908 | 8.8 | HIGH | Network | sysax | multi_server | An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token. | CWE-384 Session Fixation | CVE-2020-13229 | 2024-11-21 14:00 | 2020-06-2 |
| 210909 | 6.1 | MEDIUM | Network | sysax | multi_server | An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter. | CWE-79 Cross-site Scripting | CVE-2020-13228 | 2024-11-21 14:00 | 2020-06-2 |
| 210910 | 5.3 | MEDIUM | Network | sysax | multi_server | An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fa… | CWE-22 Path Traversal | CVE-2020-13227 | 2024-11-21 14:00 | 2020-06-2 |