|
216011
|
5.4 |
MEDIUM
Network
|
contact-form-7-datepicker_project
|
contact-form-7-datepicker
|
Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the un…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11516
|
2024-11-21 13:58 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216012
|
8.8 |
HIGH
Network
|
nchsoftware
|
express_invoice
|
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2020-11561
|
2024-11-21 13:58 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216013
|
4.3 |
MEDIUM
Physics
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoin…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-11608
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216014
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server.
|
NVD-CWE-noinfo
|
CVE-2020-11587
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216015
|
9.8 |
CRITICAL
Network
|
cipplanner
|
cipace
|
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.
|
CWE-611
XXE
|
CVE-2020-11586
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216016
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-11599
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216017
|
9.8 |
CRITICAL
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.
|
CWE-306
CWE-434
Missing Authentication for Critical Function
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11598
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216018
|
9.8 |
CRITICAL
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner.
|
CWE-89
SQL Injection
|
CVE-2020-11597
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216019
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files a…
|
CWE-22
Path Traversal
|
CVE-2020-11596
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216020
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.
|
NVD-CWE-noinfo
|
CVE-2020-11595
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
