|
210401
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
worry-free_business_security
|
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporar…
|
NVD-CWE-Other
|
CVE-2020-24557
|
2024-11-21 14:14 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210402
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
worry-free_business_security
worry-free_business_security_services
|
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard l…
|
CWE-59
Link Following
|
CVE-2020-24556
|
2024-11-21 14:14 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210403
|
6.1 |
MEDIUM
Network
|
get-simple
|
getsimple_cms
|
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser …
|
CWE-79
Cross-site Scripting
|
CVE-2020-23839
|
2024-11-21 14:14 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210404
|
8.8 |
HIGH
Network
|
sagemcom
|
f\@st_5280_router_firmware
|
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request wi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-24034
|
2024-11-21 14:14 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210405
|
8.8 |
HIGH
Network
|
oswapp
|
warehouse_inventory_system
|
A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after …
|
CWE-352
Origin Validation Error
|
CVE-2020-23836
|
2024-11-21 14:14 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210406
|
6.1 |
MEDIUM
Network
|
tailor_management_system_project
|
tailor_management_system
|
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauth…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23835
|
2024-11-21 14:14 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210407
|
6.1 |
MEDIUM
Network
|
stock_management_system_project
|
stock_management_system
|
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and sess…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23831
|
2024-11-21 14:14 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210408
|
8.8 |
HIGH
Network
|
librehealth
|
librehealth_ehr
|
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the host…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-23829
|
2024-11-21 14:14 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210409
|
7.5 |
HIGH
Network
|
gmapfp
|
gmapfp
|
gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and also can upload files due the…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-23971
|
2024-11-21 14:14 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210410
|
7.5 |
HIGH
Network
|
liferay
|
liferay_portal
|
The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by …
|
CWE-601
Open Redirect
|
CVE-2020-24554
|
2024-11-21 14:14 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
