|
201661
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_desktop_central
|
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side reques…
|
CWE-611
CWE-918
XXE
Server-Side Request Forgery (SSRF)
|
CVE-2020-8540
|
2024-11-21 14:38 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201662
|
6.5 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit UR…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2020-8439
|
2024-11-21 14:38 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201663
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.
|
CWE-269
Improper Privilege Management
|
CVE-2020-8113
|
2024-11-21 14:38 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201664
|
8.8 |
HIGH
Network
|
phpipam
|
phpipam
|
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and function…
|
CWE-352
Origin Validation Error
|
CVE-2020-7988
|
2024-11-21 14:38 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201665
|
7.5 |
HIGH
Network
|
bittorrent
|
utorrent
|
The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-8437
|
2024-11-21 14:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201666
|
2.5 |
LOW
Local
|
suse
opensuse
|
linux_enterprise_server
leap
|
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for spe…
|
-
|
CVE-2020-8013
|
2024-11-21 14:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201667
|
7.2 |
HIGH
Network
|
artica
|
pandora_fms
|
In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-8500
|
2024-11-21 14:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201668
|
9.8 |
CRITICAL
Network
|
pdf-image_project
|
pdf-image
|
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
|
CWE-20
Improper Input Validation
|
CVE-2020-8132
|
2024-11-21 14:38 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201669
|
6.1 |
MEDIUM
Network
|
revealjs
|
reveal.js
|
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8127
|
2024-11-21 14:38 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201670
|
7.5 |
HIGH
Network
|
yarnpkg
|
yarn
|
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install …
|
CWE-22
Path Traversal
|
CVE-2020-8131
|
2024-11-21 14:38 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
