|
212301
|
6.1 |
MEDIUM
Network
|
pydio
|
cells
|
Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12853
|
2024-11-21 14:00 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212302
|
8.1 |
HIGH
Network
|
pydio
|
cells
|
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging…
|
CWE-22
Path Traversal
|
CVE-2020-12851
|
2024-11-21 14:00 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212303
|
6.8 |
MEDIUM
Network
|
pydio
|
cells
|
The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves dow…
|
CWE-20
Improper Input Validation
|
CVE-2020-12852
|
2024-11-21 14:00 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212304
|
7.2 |
HIGH
Network
|
pydio
|
cells
|
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the po…
|
NVD-CWE-noinfo
|
CVE-2020-12847
|
2024-11-21 14:00 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212305
|
5.9 |
MEDIUM
Network
|
djangoproject
canonical
fedoraproject
netapp
debian
oracle
|
django
ubuntu_linux
fedora
steelstore_cloud_integrated_storage
sra_plugin
debian_linux
zfs_storage_appliance_kit
|
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collis…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-13254
|
2024-11-21 14:00 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212306
|
8.0 |
HIGH
Network
|
synacor
|
zimbra_collaboration_suite
|
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can up…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-12846
|
2024-11-21 14:00 |
2020-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212307
|
8.8 |
HIGH
Network
|
sysax
|
multi_server
|
An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token.
|
CWE-384
Session Fixation
|
CVE-2020-13229
|
2024-11-21 14:00 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212308
|
6.1 |
MEDIUM
Network
|
sysax
|
multi_server
|
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13228
|
2024-11-21 14:00 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212309
|
5.3 |
MEDIUM
Network
|
sysax
|
multi_server
|
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fa…
|
CWE-22
Path Traversal
|
CVE-2020-13227
|
2024-11-21 14:00 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212310
|
5.5 |
MEDIUM
Local
|
sane-project
fedoraproject
debian
opensuse
canonical
|
sane_backends
fedora
debian_linux
leap
ubuntu_linux
|
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-20…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-12867
|
2024-11-21 14:00 |
2020-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
