|
210361
|
9.8 |
CRITICAL
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a J…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-25563
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210362
|
6.5 |
MEDIUM
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent.
|
CWE-352
Origin Validation Error
|
CVE-2020-25562
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210363
|
7.8 |
HIGH
Local
|
sapphireims
|
sapphireims
|
SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25561
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210364
|
9.8 |
CRITICAL
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25560
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210365
|
7.8 |
HIGH
Local
|
acronis
|
true_image
|
Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.
|
NVD-CWE-noinfo
|
CVE-2020-25736
|
2024-11-21 14:18 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210366
|
6.7 |
MEDIUM
Local
|
acronis
|
true_image
|
Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-25593
|
2024-11-21 14:18 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210367
|
5.4 |
MEDIUM
Network
|
codologic
|
codoforum
|
A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload enter…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25879
|
2024-11-21 14:18 |
2021-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210368
|
4.8 |
MEDIUM
Network
|
blackcat-cms
|
blackcat_cms
|
A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads enter…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25878
|
2024-11-21 14:18 |
2021-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210369
|
5.4 |
MEDIUM
Network
|
blackcat-cms
|
blackcat_cms
|
A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25877
|
2024-11-21 14:18 |
2021-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210370
|
5.4 |
MEDIUM
Network
|
codologic
|
codoforum
|
A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into t…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25876
|
2024-11-21 14:18 |
2021-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
