|
197101
|
9.8 |
CRITICAL
Network
|
networkmanager-ssh_project
debian
|
networkmanager-ssh
debian_linux
|
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.
|
NVD-CWE-noinfo
|
CVE-2020-9355
|
2024-11-21 14:40 |
2020-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197102
|
7.5 |
HIGH
Network
|
smartclient
|
smartclient
|
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL a…
|
CWE-22
Path Traversal
|
CVE-2020-9354
|
2024-11-21 14:40 |
2020-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197103
|
7.5 |
HIGH
Network
|
smartclient
|
smartclient
|
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL i…
|
CWE-22
Path Traversal
|
CVE-2020-9353
|
2024-11-21 14:40 |
2020-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197104
|
9.8 |
CRITICAL
Network
|
smartclient
|
smartclient
|
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a …
|
CWE-611
XXE
|
CVE-2020-9352
|
2024-11-21 14:40 |
2020-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197105
|
5.4 |
MEDIUM
Network
|
sas
|
visual_analytics
|
Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9350
|
2024-11-21 14:40 |
2020-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197106
|
5.5 |
MEDIUM
Local
|
f-secure
|
cloud_protection_for_salesforce
internet_gatekeeper
email_and_server_security
|
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Pro…
|
CWE-436
Interpretation Conflict
|
CVE-2020-9342
|
2024-11-21 14:40 |
2020-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197107
|
8.8 |
HIGH
Network
|
auieo
|
candidats
|
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.
|
CWE-352
Origin Validation Error
|
CVE-2020-9341
|
2024-11-21 14:40 |
2020-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197108
|
7.2 |
HIGH
Network
|
fauzantrif_election_project
|
fauzantrif_election
|
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.
|
CWE-89
SQL Injection
|
CVE-2020-9340
|
2024-11-21 14:40 |
2020-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197109
|
5.3 |
MEDIUM
Network
|
smartclient
|
smartclient
|
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transa…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-9351
|
2024-11-21 14:40 |
2020-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197110
|
5.4 |
MEDIUM
Network
|
soplanning
|
soplanning
|
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9339
|
2024-11-21 14:40 |
2020-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
