|
216021
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-11594
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216022
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a cust…
|
CWE-74
Injection
|
CVE-2020-11593
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216023
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database.
|
NVD-CWE-noinfo
|
CVE-2020-11592
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216024
|
5.3 |
MEDIUM
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name.
|
NVD-CWE-noinfo
|
CVE-2020-11591
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216025
|
5.3 |
MEDIUM
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.
|
NVD-CWE-noinfo
|
CVE-2020-11590
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216026
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that sho…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-11589
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216027
|
5.3 |
MEDIUM
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths.
|
NVD-CWE-noinfo
|
CVE-2020-11588
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216028
|
4.3 |
MEDIUM
Network
|
dnnsoftware
|
dotnetnuke
|
There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in…
|
CWE-330
CWE-639
Use of Insufficiently Random Values
Authorization Bypass Through User-Controlled Key
|
CVE-2020-11585
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216029
|
8.8 |
HIGH
Adjacent
|
pulsesecure
|
pulse_connect_secure
pulse_policy_secure
|
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, la…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-11582
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216030
|
8.1 |
HIGH
Network
|
pulsesecure
|
pulse_connect_secure
pulse_policy_secure
|
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, al…
|
CWE-78
OS Command
|
CVE-2020-11581
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
