|
214141
|
7.8 |
HIGH
Local
|
microweber
|
microweber
|
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User scr…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-13241
|
2024-11-21 14:00 |
2020-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214142
|
7.5 |
HIGH
Network
|
gitea
|
gitea
|
An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another.
|
CWE-667
Improper Locking
|
CVE-2020-13246
|
2024-11-21 14:00 |
2020-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214143
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mec…
|
CWE-668
CWE-276
Exposure of Resource to Wrong Sphere
Incorrect Default Permissions
|
CVE-2020-13240
|
2024-11-21 14:00 |
2020-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214144
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13239
|
2024-11-21 14:00 |
2020-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214145
|
6.5 |
MEDIUM
Network
|
cacti
fedoraproject
|
cacti
fedora
|
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
|
CWE-352
Origin Validation Error
|
CVE-2020-13231
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214146
|
4.3 |
MEDIUM
Network
|
cacti
debian
fedoraproject
|
cacti
debian_linux
fedora
|
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-13230
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214147
|
5.5 |
MEDIUM
Local
|
kde
|
amarok
|
A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time,…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-13152
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214148
|
9.8 |
CRITICAL
Network
|
smartbear
|
readyapi
|
An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into th…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-12835
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214149
|
9.8 |
CRITICAL
Network
|
wso2
|
api_manager
|
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-13226
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214150
|
4.8 |
MEDIUM
Network
|
phpipam
|
phpipam
|
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13225
|
2024-11-21 14:00 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
