|
219951
|
8.8 |
HIGH
Network
|
nchsoftware
|
express_invoice
|
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2020-11561
|
2024-11-21 13:58 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219952
|
4.3 |
MEDIUM
Physics
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoin…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-11608
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219953
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server.
|
NVD-CWE-noinfo
|
CVE-2020-11587
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219954
|
9.8 |
CRITICAL
Network
|
cipplanner
|
cipace
|
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.
|
CWE-611
XXE
|
CVE-2020-11586
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219955
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-11599
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219956
|
9.8 |
CRITICAL
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.
|
CWE-306
CWE-434
Missing Authentication for Critical Function
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11598
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219957
|
9.8 |
CRITICAL
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner.
|
CWE-89
SQL Injection
|
CVE-2020-11597
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219958
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files a…
|
CWE-22
Path Traversal
|
CVE-2020-11596
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219959
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.
|
NVD-CWE-noinfo
|
CVE-2020-11595
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219960
|
7.5 |
HIGH
Network
|
cipplanner
|
cipace
|
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-11594
|
2024-11-21 13:58 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
