|
209881
|
5.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-15699
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209882
|
5.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials
|
NVD-CWE-noinfo
|
CVE-2020-15698
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209883
|
4.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15697
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209884
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15696
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209885
|
6.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.
|
CWE-352
Origin Validation Error
|
CVE-2020-15695
|
2024-11-21 14:06 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209886
|
6.1 |
MEDIUM
Network
|
rosariosis
|
rosariosis
|
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15721
|
2024-11-21 14:06 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209887
|
6.8 |
MEDIUM
Network
|
dogtagpki
|
dogtagpki
|
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15720
|
2024-11-21 14:06 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209888
|
4.2 |
MEDIUM
Network
|
openldap
redhat
opensuse
mcafee
oracle
|
openldap
enterprise_linux
leap
policy_auditor
blockchain_platform
|
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subject…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15719
|
2024-11-21 14:06 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209889
|
8.8 |
HIGH
Network
|
misp
|
misp
|
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
|
CWE-352
Origin Validation Error
|
CVE-2020-15711
|
2024-11-21 14:06 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209890
|
7.5 |
HIGH
Network
|
embedthis
|
appweb
|
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and caus…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-15689
|
2024-11-21 14:06 |
2020-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
