|
209071
|
4.3 |
MEDIUM
Network
|
eramba
|
eramba
|
eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users.
|
CWE-20 CWE-74
Improper Input Validation; Injection
|
CVE-2020-28031
|
2024-11-21 14:22 |
2020-11-3 |
|
209072
|
7.5 |
HIGH
Network
|
wireshark debian fedoraproject
|
wireshark debian_linux fedora
|
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.
|
CWE-682 CWE-770 CWE-835
Incorrect Calculation; Allocation of Resources Without Limits or Throttling; Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-28030
|
2024-11-21 14:22 |
2020-11-3 |
|
209073
|
5.3 |
MEDIUM
Network
|
sonarsource
|
sonarqube
|
In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allo…
|
CWE-287
Improper Authentication
|
CVE-2020-28002
|
2024-11-21 14:22 |
2020-11-3 |
|
209074
|
7.8 |
HIGH
Local
|
wondershare
|
dr.fone
|
Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-27992
|
2024-11-21 14:22 |
2020-11-3 |
|
209075
|
6.1 |
MEDIUM
Network
|
icewarp
|
mail_server
|
IceWarp 11.4.5.0 allows XSS via the language parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27982
|
2024-11-21 14:22 |
2020-11-3 |
|
209076
|
9.8 |
CRITICAL
Network
|
fast-report
|
fastreport
|
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress.
|
CWE-862
Missing Authorization
|
CVE-2020-27998
|
2024-11-21 14:22 |
2020-10-30 |
|
209077
|
8.8 |
HIGH
Network
|
smartstore
|
smartstorenet
|
An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations.
|
NVD-CWE-noinfo
|
CVE-2020-27996
|
2024-11-21 14:22 |
2020-10-30 |
|
209078
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.
|
CWE-89
SQL Injection
|
CVE-2020-27995
|
2024-11-21 14:22 |
2020-10-30 |
|
209079
|
5.3 |
MEDIUM
Network
|
hrsale
|
hrsale
|
Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.
|
CWE-22
Path Traversal
|
CVE-2020-27993
|
2024-11-21 14:22 |
2020-10-30 |
|
209080
|
7.5 |
HIGH
Network
|
sonarsource
|
sonarqube
|
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it …
|
CWE-306 CWE-312
Missing Authentication for Critical Function; Cleartext Storage of Sensitive Information
|
CVE-2020-27986
|
2024-11-21 14:22 |
2020-10-29 |
|