|
197861
|
9.8 |
CRITICAL
Network
|
smartclient
|
smartclient
|
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a …
|
CWE-611
XXE
|
CVE-2020-9352
|
2024-11-21 14:40 |
2020-02-23 |
|
197862
|
5.4 |
MEDIUM
Network
|
sas
|
visual_analytics
|
Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9350
|
2024-11-21 14:40 |
2020-02-23 |
|
197863
|
5.5 |
MEDIUM
Local
|
f-secure
|
cloud_protection_for_salesforce internet_gatekeeper email_and_server_security
|
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Pro…
|
CWE-436
Interpretation Conflict
|
CVE-2020-9342
|
2024-11-21 14:40 |
2020-02-23 |
|
197864
|
8.8 |
HIGH
Network
|
auieo
|
candidats
|
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.
|
CWE-352
Origin Validation Error
|
CVE-2020-9341
|
2024-11-21 14:40 |
2020-02-23 |
|
197865
|
7.2 |
HIGH
Network
|
fauzantrif_election_project
|
fauzantrif_election
|
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.
|
CWE-89
SQL Injection
|
CVE-2020-9340
|
2024-11-21 14:40 |
2020-02-23 |
|
197866
|
5.3 |
MEDIUM
Network
|
smartclient
|
smartclient
|
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transa…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-9351
|
2024-11-21 14:40 |
2020-02-23 |
|
197867
|
5.4 |
MEDIUM
Network
|
soplanning
|
soplanning
|
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9339
|
2024-11-21 14:40 |
2020-02-23 |
|
197868
|
5.4 |
MEDIUM
Network
|
soplanning
|
soplanning
|
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9338
|
2024-11-21 14:40 |
2020-02-23 |
|
197869
|
5.4 |
MEDIUM
Network
|
fauzantrif_election_project
|
fauzantrif_election
|
fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> "message if election is closed" field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9336
|
2024-11-21 14:40 |
2020-02-23 |
|
197870
|
5.9 |
MEDIUM
Network
|
gogs
|
gogs
|
Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition.
|
CWE-362
Race Condition
|
CVE-2020-9329
|
2024-11-21 14:40 |
2020-02-22 |