|
213601
|
5.4 |
MEDIUM
Network
|
qdpm
|
qdpm
|
A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites.
|
CWE-74
Injection
|
CVE-2020-11814
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213602
|
5.4 |
MEDIUM
Network
|
rukovoditel
|
rukovoditel
|
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11813
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213603
|
9.8 |
CRITICAL
Network
|
rukovoditel
|
rukovoditel
|
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter.
|
CWE-89
SQL Injection
|
CVE-2020-11812
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213604
|
9.8 |
CRITICAL
Network
|
qdpm
|
qdpm
|
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbit…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11811
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213605
|
6.5 |
MEDIUM
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.
|
NVD-CWE-noinfo
|
CVE-2020-11660
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213606
|
4.3 |
MEDIUM
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-11659
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213607
|
9.8 |
CRITICAL
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-11658
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213608
|
8.8 |
HIGH
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.
|
NVD-CWE-noinfo
|
CVE-2020-11666
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213609
|
6.1 |
MEDIUM
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
|
CWE-601
Open Redirect
|
CVE-2020-11665
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213610
|
6.1 |
MEDIUM
Network
|
broadcom
|
ca_api_developer_portal
|
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
|
CWE-601
Open Redirect
|
CVE-2020-11664
|
2024-11-21 13:58 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
