|
214611
|
6.5 |
MEDIUM
Network
|
telegram
|
telegram
telegram_desktop
|
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.
|
NVD-CWE-noinfo
|
CVE-2020-12474
|
2024-11-21 13:59 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214612
|
5.3 |
MEDIUM
Network
|
moxa
|
nport_5100a_firmware
|
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthentic…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-12117
|
2024-11-21 13:59 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214613
|
7.0 |
HIGH
Local
|
fedoraproject
opensuse
sqliteodbc_project
|
fedora
backports_sle
sqliteodbc
|
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new co…
|
CWE-362
Race Condition
|
CVE-2020-12050
|
2024-11-21 13:59 |
2020-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214614
|
4.3 |
MEDIUM
Network
|
xt-commerce
|
xt-commerce
|
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-12101
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214615
|
6.1 |
MEDIUM
Network
|
sourcegraph
|
sourcegraph
|
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com su…
|
CWE-601
Open Redirect
|
CVE-2020-12283
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214616
|
8.8 |
HIGH
Network
|
teampass
|
teampass
|
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
|
CWE-22
Path Traversal
|
CVE-2020-12479
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214617
|
7.5 |
HIGH
Network
|
teampass
|
teampass
|
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-12478
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214618
|
7.5 |
HIGH
Network
|
teampass
|
teampass
|
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
|
CWE-863
Incorrect Authorization
|
CVE-2020-12477
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214619
|
9.8 |
CRITICAL
Network
|
mono
|
monox
|
MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGaller…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-12471
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214620
|
7.2 |
HIGH
Network
|
mono
|
monox
|
MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-12470
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
