|
211441
|
6.5 |
MEDIUM
Network
|
dell
|
emc_networker
|
Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-26183
|
2024-11-21 14:19 |
2020-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211442
|
6.5 |
MEDIUM
Network
|
dell
|
emc_networker
|
Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' r…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-26182
|
2024-11-21 14:19 |
2020-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211443
|
6.1 |
MEDIUM
Network
|
xerox
|
workcentre_ec7836_firmware
workcentre_ec7856_firmware
|
Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages.
|
CWE-79
Cross-site Scripting
|
CVE-2020-26162
|
2024-11-21 14:19 |
2020-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211444
|
5.5 |
MEDIUM
Local
|
kde
opensuse
|
kdeconnect
leap
backports_sle
|
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a De…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-26164
|
2024-11-21 14:19 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211445
|
8.1 |
HIGH
Network
|
monocms
|
monocms
|
MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted).
|
CWE-22
Path Traversal
|
CVE-2020-25985
|
2024-11-21 14:19 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211446
|
7.5 |
HIGH
Network
|
monocms
|
monocms
|
MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-25987
|
2024-11-21 14:19 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211447
|
6.5 |
MEDIUM
Network
|
monocms
|
monocms
|
A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user.
|
CWE-352
Origin Validation Error
|
CVE-2020-25986
|
2024-11-21 14:19 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211448
|
8.8 |
HIGH
Network
|
cuppacms
|
cuppacms
|
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function prov…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26048
|
2024-11-21 14:19 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211449
|
7.5 |
HIGH
Network
|
clickstudios
|
passwordstate
|
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfu…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-26061
|
2024-11-21 14:19 |
2020-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211450
|
5.4 |
MEDIUM
Network
|
qdpm
|
qdpm
|
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. Thi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26166
|
2024-11-21 14:19 |
2020-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
