|
208161
|
6.1 |
MEDIUM
Network
|
phpredisadmin_project
|
phpredisadmin
|
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27163
|
2024-11-21 14:20 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208162
|
6.1 |
MEDIUM
Network
|
sagedpw
|
sage_dpw
|
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking …
|
CWE-79
Cross-site Scripting
|
CVE-2020-26584
|
2024-11-21 14:20 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208163
|
6.1 |
MEDIUM
Network
|
sagedpw
|
sage_dpw
|
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26583
|
2024-11-21 14:20 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208164
|
8.1 |
HIGH
Network
|
veritas
|
aptare
|
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-27157
|
2024-11-21 14:20 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208165
|
9.8 |
CRITICAL
Network
|
veritas
|
aptare
|
Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user.
|
CWE-863
Incorrect Authorization
|
CVE-2020-27156
|
2024-11-21 14:20 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208166
|
8.6 |
HIGH
Network
|
bluez
debian
opensuse
|
bluez
debian_linux
leap
|
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during servic…
|
CWE-415
Double Free
|
CVE-2020-27153
|
2024-11-21 14:20 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208167
|
4.4 |
MEDIUM
Local
|
trendmicro
|
antivirus
|
Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and writt…
|
NVD-CWE-noinfo
|
CVE-2020-27013
|
2024-11-21 14:20 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208168
|
7.5 |
HIGH
Network
|
evolutionscript
|
helpdeskz
|
An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no l…
|
CWE-89
SQL Injection
|
CVE-2020-26546
|
2024-11-21 14:20 |
2020-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208169
|
7.5 |
HIGH
Network
|
pcvuesolutions
|
pcvue
|
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party syst…
|
NVD-CWE-noinfo
|
CVE-2020-26869
|
2024-11-21 14:20 |
2020-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208170
|
7.5 |
HIGH
Network
|
pcvuesolutions
|
pcvue
|
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitima…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-26868
|
2024-11-21 14:20 |
2020-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
