|
213181
|
8.8 |
HIGH
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user (non-admin) can craft a Jun…
|
CWE-863
Incorrect Authorization
|
CVE-2020-11707
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213182
|
8.8 |
HIGH
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users;…
|
CWE-352
Origin Validation Error
|
CVE-2020-11706
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213183
|
9.8 |
CRITICAL
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the …
|
CWE-22
Path Traversal
|
CVE-2020-11705
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213184
|
6.1 |
MEDIUM
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. Get…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11704
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213185
|
7.5 |
HIGH
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter.
|
CWE-74
Injection
|
CVE-2020-11703
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213186
|
6.1 |
MEDIUM
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collab…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11702
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213187
|
8.8 |
HIGH
Network
|
provideserver
|
provide_ftp_server
|
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting fi…
|
CWE-352
Origin Validation Error
|
CVE-2020-11701
|
2024-11-21 13:58 |
2020-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213188
|
7.5 |
HIGH
Network
|
jetbrains
|
pycharm
|
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3.
|
CWE-312
CWE-522
Cleartext Storage of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2020-11694
|
2024-11-21 13:58 |
2020-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213189
|
7.5 |
HIGH
Network
|
wireshark
debian
opensuse
|
wireshark
debian_linux
leap
|
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-11647
|
2024-11-21 13:58 |
2020-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213190
|
5.5 |
MEDIUM
Local
|
linux
redhat
opensuse
|
linux_kernel
enterprise_linux
leap
|
An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, …
|
NVD-CWE-noinfo
|
CVE-2020-11669
|
2024-11-21 13:58 |
2020-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
