|
212451
|
9.8 |
CRITICAL
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE() feature, which is for execu…
|
CWE-269
Improper Privilege Management
|
CVE-2020-11708
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212452
|
8.8 |
HIGH
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user (non-admin) can craft a Jun…
|
CWE-863
Incorrect Authorization
|
CVE-2020-11707
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212453
|
8.8 |
HIGH
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users;…
|
CWE-352
Origin Validation Error
|
CVE-2020-11706
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212454
|
9.8 |
CRITICAL
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the …
|
CWE-22
Path Traversal
|
CVE-2020-11705
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212455
|
6.1 |
MEDIUM
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. Get…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11704
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212456
|
7.5 |
HIGH
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter.
|
CWE-74
Injection
|
CVE-2020-11703
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212457
|
6.1 |
MEDIUM
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collab…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11702
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212458
|
8.8 |
HIGH
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting fi…
|
CWE-352
Origin Validation Error
|
CVE-2020-11701
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212459
|
7.5 |
HIGH
Network
|
jetbrains
|
pycharm
|
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3.
|
CWE-312
CWE-522
Cleartext Storage of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2020-11694
|
2024-11-21 13:58 |
2020-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212460
|
7.5 |
HIGH
Network
|
wireshark
debian
opensuse
|
wireshark
debian_linux
leap
|
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-11647
|
2024-11-21 13:58 |
2020-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
