|
197011
|
6.5 |
MEDIUM
Network
|
signotec
|
signopad-api\/web
|
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't l…
|
NVD-CWE-noinfo
|
CVE-2020-9343
|
2024-11-21 14:40 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197012
|
9.8 |
CRITICAL
Network
|
logicaldoc
|
logicaldoc
|
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. T…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-9423
|
2024-11-21 14:40 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197013
|
7.5 |
HIGH
Network
|
beyondtrust
|
privilege_management_for_windows_and_mac
|
BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions pres…
|
NVD-CWE-noinfo
|
CVE-2020-9326
|
2024-11-21 14:40 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197014
|
7.5 |
HIGH
Network
|
aquaforest
|
tiff_server
|
Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download.
|
CWE-22
CWE-306
Path Traversal
Missing Authentication for Critical Function
|
CVE-2020-9325
|
2024-11-21 14:40 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197015
|
7.5 |
HIGH
Network
|
aquaforest
|
tiff_server
|
Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-9324
|
2024-11-21 14:40 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197016
|
5.3 |
MEDIUM
Network
|
aquaforest
|
tiff_server
|
Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx.
|
CWE-22
Path Traversal
|
CVE-2020-9323
|
2024-11-21 14:40 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197017
|
6.1 |
MEDIUM
Network
|
zulipchat
|
zulip_desktop
|
Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9443
|
2024-11-21 14:40 |
2020-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197018
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_password_manager_pro
|
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the …
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-9347
|
2024-11-21 14:40 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197019
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_password_manager_pro
|
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.
|
CWE-352
Origin Validation Error
|
CVE-2020-9346
|
2024-11-21 14:40 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197020
|
6.5 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-9472
|
2024-11-21 14:40 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
