|
209951
|
5.2 |
MEDIUM
Local
|
octobercms
|
october
|
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms…
|
NVD-CWE-Other
|
CVE-2020-15247
|
2024-11-21 14:05 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209952
|
7.5 |
HIGH
Network
|
octobercms
|
october
|
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an Oct…
|
CWE-22
Path Traversal
|
CVE-2020-15246
|
2024-11-21 14:05 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209953
|
6.1 |
MEDIUM
Network
|
salesagility
|
suitecrm
|
SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.
|
CWE-601
Open Redirect
|
CVE-2020-15300
|
2024-11-21 14:05 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209954
|
7.8 |
HIGH
Local
|
salesagility
|
suitecrm
|
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template o…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-15301
|
2024-11-21 14:05 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209955
|
7.8 |
HIGH
Local
|
binarynights
|
forklift
|
BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, mo…
|
CWE-862
Missing Authorization
|
CVE-2020-15349
|
2024-11-21 14:05 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209956
|
7.8 |
HIGH
Local
|
passmark
|
osforensics
performancetest
burnintest
|
An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privil…
|
NVD-CWE-noinfo
|
CVE-2020-15481
|
2024-11-21 14:05 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209957
|
5.4 |
MEDIUM
Network
|
moinmo
|
moinmoin
|
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user'…
|
-
|
CVE-2020-15275
|
2024-11-21 14:05 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209958
|
9.1 |
CRITICAL
Network
|
bitdefender
|
update_server
|
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-15297
|
2024-11-21 14:05 |
2020-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209959
|
8.8 |
HIGH
Network
|
auth0
|
ad\/ldap_connector
|
ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if …
|
-
|
CVE-2020-15259
|
2024-11-21 14:05 |
2020-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209960
|
8.7 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component…
|
-
|
CVE-2020-15276
|
2024-11-21 14:05 |
2020-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
