|
218341
|
5.4 |
MEDIUM
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11813
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218342
|
9.8 |
CRITICAL
Network
|
rukovoditel
|
rukovoditel
|
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter.
|
CWE-89
SQL Injection
|
CVE-2020-11812
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218343
|
9.8 |
CRITICAL
Network
|
qdpm
|
qdpm
|
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbit…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11811
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218344
|
6.5 |
MEDIUM
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
|
NVD-CWE-noinfo
|
CVE-2020-11660
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218345
|
4.3 |
MEDIUM
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-11659
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218346
|
9.8 |
CRITICAL
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-11658
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218347
|
8.8 |
HIGH
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.
|
NVD-CWE-noinfo
|
CVE-2020-11666
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218348
|
6.1 |
MEDIUM
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
|
CWE-601
Open Redirect
|
CVE-2020-11665
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218349
|
6.1 |
MEDIUM
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
|
CWE-601
Open Redirect
|
CVE-2020-11664
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218350
|
6.1 |
MEDIUM
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.
|
CWE-601
Open Redirect
|
CVE-2020-11663
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
