|
211701
|
7.8 |
HIGH
Local
|
home_dns_server_project
|
home_dns_server
|
An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe b…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-26132
|
2024-11-21 14:19 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211702
|
7.8 |
HIGH
Local
|
open_dhcp_server_project
|
open_dhcp_server
|
Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can ele…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-26131
|
2024-11-21 14:19 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211703
|
7.8 |
HIGH
Local
|
open_tftp_server_project
|
open_tftp_server
|
Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can ele…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-26130
|
2024-11-21 14:19 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211704
|
7.5 |
HIGH
Network
|
sectona
|
spectra
|
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-25966
|
2024-11-21 14:19 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211705
|
6.1 |
MEDIUM
Network
|
octopus
|
octopus_deploy
|
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
|
CWE-601
Open Redirect
|
CVE-2020-26161
|
2024-11-21 14:19 |
2020-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211706
|
6.5 |
MEDIUM
Network
|
dell
|
emc_networker
|
Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-26183
|
2024-11-21 14:19 |
2020-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211707
|
6.5 |
MEDIUM
Network
|
dell
|
emc_networker
|
Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' r…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-26182
|
2024-11-21 14:19 |
2020-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211708
|
6.1 |
MEDIUM
Network
|
xerox
|
workcentre_ec7836_firmware
workcentre_ec7856_firmware
|
Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages.
|
CWE-79
Cross-site Scripting
|
CVE-2020-26162
|
2024-11-21 14:19 |
2020-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211709
|
5.5 |
MEDIUM
Local
|
kde
opensuse
|
kdeconnect
leap
backports_sle
|
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a De…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-26164
|
2024-11-21 14:19 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211710
|
8.1 |
HIGH
Network
|
monocms
|
monocms
|
MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted).
|
CWE-22
Path Traversal
|
CVE-2020-25985
|
2024-11-21 14:19 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
