|
213391
|
7.5 |
HIGH
Network
|
naviwebs
|
navigate_cms
|
An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no a…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2020-14015
|
2024-11-21 14:02 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213392
|
5.4 |
MEDIUM
Network
|
naviwebs
|
navigate_cms
|
An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to re…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14014
|
2024-11-21 14:02 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213393
|
5.4 |
MEDIUM
Network
|
solarwinds
|
orion_network_performance_monitor
orion_web_performance_monitor
|
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14007
|
2024-11-21 14:02 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213394
|
5.4 |
MEDIUM
Network
|
solarwinds
|
orion_network_performance_monitor
orion_web_performance_monitor
|
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14006
|
2024-11-21 14:02 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213395
|
8.8 |
HIGH
Network
|
solarwinds
|
orion_network_performance_monitor
orion_web_performance_monitor
|
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event.
|
NVD-CWE-noinfo
|
CVE-2020-14005
|
2024-11-21 14:02 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213396
|
5.4 |
MEDIUM
Network
|
paessler
|
prtg_network_monitor
|
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScri…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14073
|
2024-11-21 14:02 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213397
|
7.5 |
HIGH
Network
|
rakuten
|
viber
|
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication req…
|
CWE-88
Argument Injection
|
CVE-2020-14049
|
2024-11-21 14:02 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213398
|
8.8 |
HIGH
Network
|
kordil_edms_project
|
kordil_edms
|
documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-13887
|
2024-11-21 14:02 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213399
|
5.4 |
MEDIUM
Network
|
kordil_edms_project
|
kordil_edms
|
Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13888
|
2024-11-21 14:02 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213400
|
8.2 |
HIGH
Network
|
ibi
|
webfocus_business_intelligence
|
In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps…
|
CWE-611
XXE
|
CVE-2020-14204
|
2024-11-21 14:02 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
