|
211191
|
6.1 |
MEDIUM
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field i…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14024
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211192
|
4.9 |
MEDIUM
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-14023
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211193
|
8.8 |
HIGH
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-14022
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211194
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira_service_desk
|
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Informa…
|
NVD-CWE-noinfo
|
CVE-2020-14180
|
2024-11-21 14:02 |
2020-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211195
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira_server
jira_data_center
|
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /…
|
NVD-CWE-noinfo
|
CVE-2020-14179
|
2024-11-21 14:02 |
2020-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211196
|
6.5 |
MEDIUM
Network
|
atlassian
|
jira_server
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searc…
|
NVD-CWE-noinfo
|
CVE-2020-14177
|
2024-11-21 14:02 |
2020-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211197
|
7.5 |
HIGH
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be …
|
CWE-611
XXE
|
CVE-2020-14029
|
2024-11-21 14:02 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211198
|
4.9 |
MEDIUM
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any …
|
NVD-CWE-noinfo
|
CVE-2020-14021
|
2024-11-21 14:02 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211199
|
6.1 |
MEDIUM
Network
|
apache
|
airflow
|
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13944
|
2024-11-21 14:02 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211200
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira
data_center
jira_server
|
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affect…
|
CWE-200
Information Exposure
|
CVE-2020-14181
|
2024-11-21 14:02 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
