Lucene search

1746 matches found

Positive Technologies
added 2020/08/21 12:0 a.m. · 5 views

PT-2020-18696 · Instructure · Canvas Lms

Name of the Vulnerable Software and Affected Versions: Canvas LMS (affected versions not specified). Description: The issue allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. This is related to a Server-Side Request Forgery...

CVSS: 5.8 · AI score: 5.6 · EPSS: 0.06531
Exploits: 1 · References: 4

Zero Science Lab
added 2020/08/21 12:0 a.m. · 178 views

Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure

Summary: EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time. Description: i-Media...

AI score: 5.8
Exploits: 0

Prion
added 2020/08/04 4:15 p.m. · 14 views

Design/Logic Flaw

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539...

CVSS: 4 · AI score: 4.3 · EPSS: 0.00988
Exploits: 0 · References: 2 · Affected Software: 2

CVE
added 2020/08/04 4:0 p.m. · 42 views

CVE-2020-4410

CVE-2020-4410 affects IBM Jazz Foundation and IBM Engineering products, enabling an authenticated user to read attachments they should not access via a specially crafted HTTP GET request. Public details from IBM bulletin and CNVD corroborate an information-disclosure flaw in IBM Engineering Test ...

CVSS: 4.3 · AI score: 5.1 · EPSS: 0.00988
Exploits: 0 · References: 2 · Affected Software: 2

NVD
added 2020/08/03 5:15 p.m. · 11 views

CVE-2020-13820

Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request...

CVSS: 6.1 · AI score: 6 · EPSS: 0.03465
Exploits: 0 · References: 4

OpenVAS
added 2020/08/03 12:0 a.m. · 20 views

D-Link DIR-816L Information Disclosure Vulnerability (CVE-2020-15894)

The D-Link DIR-816L is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPEPREFIX =...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.01688
Exploits: 0 · References: 2

OpenVAS
added 2020/08/03 12:0 a.m. · 18 views

D-Link DAP-1522 Authentication Bypass Vulnerability (CVE-2020-15896)

The D-Link DAP-1522 is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPEPREFIX =...

CVSS: 7.5 · AI score: 7.7 · EPSS: 0.0172
Exploits: 0 · References: 2

0day.today
added 2020/07/23 12:0 a.m. · 464 views

UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Vulnerability

Exploit for hardware platform in category web applications. Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass; Author: LiquidWorm; Product web page: http://www.medivision.co.kr; CVE: N/A; Vendor: UBICOD Co., Ltd. | MEDIVISION INC.; Product web page: http://www.medivision.co.kr...

AI score: 7.1
Exploits: 0

Exploit DB
added 2020/07/23 12:0 a.m. · 482 views

UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass

Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass; Date: 2020-07-23; Author: LiquidWorm; Product web page: http://www.medivision.co.kr; CVE: N/A; Vendor: UBICOD Co., Ltd. | MEDIVISION INC.; Product web page: http://www.medivision.co.kr; Affected version: Firmware 1.5.1 2013.01.3...

AI score: 7.4
Exploits: 0

Packet Storm
added 2020/07/20 12:0 a.m. · 441 views

UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation

UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation Through Authorization Bypass. Vendor: UBICOD Co., Ltd. | MEDIVISION INC.; Product web page: http://www.medivision.co.kr; Affected version: Firmware 1.5.1 2013.01.3; Summary: Medivision is a service that provides everything from DID operatio...

AI score: 0.3
Exploits: 0

Cvelist
added 2020/07/17 8:35 p.m. · 20 views

CVE-2020-5758

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API...

AI score: 9 · EPSS: 0.04375
Exploits: 0 · References: 1

Packet Storm
added 2020/06/30 12:0 a.m. · 205 views

ATutor 2.2.4 Directory Traversal / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ATutor 2.2.4 - Directory Traversal / Remote Code Execution, ', 'Description' = %q This module exploits an arbitrary file upload vulnerability...

CVSS: 6.8 · AI score: 0.5 · EPSS: 0.73317
Exploits: 11

NVD
added 2020/06/20 1:15 p.m. · 14 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

CVSS: 9.8 · EPSS: 0.01431
Exploits: 0 · References: 1

UbuntuCve
added 2020/06/20 1:15 p.m. · 30 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.01431
Exploits: 0 · References: 2

Prion
added 2020/06/20 1:15 p.m. · 16 views

Design/Logic Flaw

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

CVSS: 7.5 · AI score: 9.4 · EPSS: 0.01431
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2020/06/20 12:7 p.m. · 16 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

AI score: 9.4 · EPSS: 0.01431
Exploits: 0 · References: 1

CVE
added 2020/06/20 12:7 p.m. · 63 views

CVE-2020-14932

CVE-2020-14932 affects SquirrelMail 1.4.22, where compose.php unserializes the $mailtodata value originating from an HTTP GET request (related to mailto.php). The underlying issue is unsafe deserialization in PHP, enabling potentially arbitrary object injection. CVSS vectors in the entry indicate...

CVSS: 9.8 · AI score: 9.3 · EPSS: 0.01431
Exploits: 0 · References: 1 · Affected Software: 1

UbuntuCve
added 2020/05/18 5:15 p.m. · 18 views

CVE-2020-8034

Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webma...

CVSS: 6.1 · AI score: 6.4 · EPSS: 0.00974
Exploits: 0 · References: 3

Veracode
added 2020/04/10 12:55 a.m. · 31 views

Denial Of Service (DoS)

Python is vulnerable to denial of service (DoS). Due to a flaw found in the way the Python CGIHTTPServer module processed certain HTTP GET requests, a remote attacker could use a specially-crafted request to obtain the CGI script's source code...

CVSS: 5 · AI score: 0.7 · EPSS: 0.03924
Exploits: 1 · References: 18 · Affected Software: 2

NVD
added 2020/04/06 10:15 p.m. · 8 views

CVE-2020-11590

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...

CVSS: 5.3 · AI score: 5.3 · EPSS: 0.00963
Exploits: 1 · References: 1