|
214431
|
6.1 |
MEDIUM
Network
|
oscommerce
|
ce_phoenix
|
Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2020-12058
|
2024-11-21 13:59 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214432
|
6.1 |
MEDIUM
Physics
|
teamwire
|
teamwire
|
The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-12621
|
2024-11-21 13:59 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214433
|
5.4 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12646
|
2024-11-21 13:59 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214434
|
9.8 |
CRITICAL
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-12645
|
2024-11-21 13:59 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214435
|
5.0 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-12644
|
2024-11-21 13:59 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214436
|
4.3 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-12643
|
2024-11-21 13:59 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214437
|
8.8 |
HIGH
Network
|
mitel
|
mivoice_connect
|
A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper renderin…
|
CWE-22
Path Traversal
|
CVE-2020-12456
|
2024-11-21 13:59 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214438
|
7.5 |
HIGH
Network
|
wolfssl
|
wolfssl
|
An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way invol…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-12457
|
2024-11-21 13:59 |
2020-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214439
|
5.9 |
MEDIUM
Network
|
freron
|
mailmate
|
MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate …
|
NVD-CWE-noinfo
|
CVE-2020-12619
|
2024-11-21 13:59 |
2020-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214440
|
4.8 |
MEDIUM
Network
|
emclient
|
em_client
|
eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME cert…
|
NVD-CWE-noinfo
|
CVE-2020-12618
|
2024-11-21 13:59 |
2020-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
