
4423 matches found

Tenable Nessus
added 2020/08/27 12:0 a.m. | 21 views

Magento Mass Importer < 0.7.24 Remote Authentication Bypass

Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. Magento Mass Importer versions before 0.7.24 suffer from a remote authentication bypass vulnerability by exhausting the database connections pool and then allowing an...

CVSS 9.8 | AI score 8.4 | EPSS 0.23897
Exploits: 0 | References: 2

Debian CVE
added 2020/08/25 1:36 p.m. | 26 views

CVE-2020-24614

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository...

CVSS 8.8 | AI score 8.8 | EPSS 0.03122
Exploits: 0

NCSC
added 2020/08/11 12:0 a.m. | 2 views

Vulnerability fixed in SAP S/4 HANA

SAP has fixed a vulnerability in SAP S/4 HANA. By exploiting this vulnerability, a malicious person with user privileges can remotely bypass authentication and make data inaccessible. SAP has made an update available to fix the vulnerability, see for more information:...

CVSS 4.3 | AI score 7 | EPSS 0.0056
Exploits: 0

NCSC
added 2020/08/11 12:0 a.m. | 26 views

Vulnerabilities fixed in SAP Netweaver

SAP has fixed several vulnerabilities in SAP Netweaver. These vulnerabilities allow malicious actors to remotely bypass authentication, execute arbitrary code, conduct a cross-site scripting attack, upload files and view sensitive information. SAP has released updates to address these...

CVSS 9 | AI score 7 | EPSS 0.018
Exploits: 0

OSV
added 2020/08/07 8:15 p.m. | 4 views

CVE-2020-16169

Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi and have it automatically answer the attacker's calls, granting audio, video, and motor control via unspecified...

CVSS 9.8 | AI score 7.3 | EPSS 0.02436
Exploits: 1 | References: 2

Veracode
added 2020/08/04 12:48 a.m. | 25 views

Cross-Site Scripting (XSS)

restws is vulnerable to cross-site scripting. A remotely authenticated user is able to inject and execute arbitrary JavaScript in another user's browser...

CVSS 8.8 | AI score 2.8 | EPSS 0.02004
Exploits: 0 | References: 13 | Affected Software: 170

OSV
added 2020/07/23 4:15 p.m. | 3 views

CVE-2020-10918

This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due t...

CVSS 7.5 | AI score 7.2 | EPSS 0.02728
Exploits: 0 | References: 1

Positive Technologies
added 2020/07/13 12:0 a.m. | 3 views

PT-2020-6439

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.0.0 through 6.0.9; FortiOS versions 6.2.0 through 6.2.3; FortiOS version 6.4.0. Description: An improper authentication issue exists in the SSL VPN functionality of FortiOS. This allows attackers to bypass two-factor...

CVSS 10 | AI score 10 | EPSS 0.49344
Exploits: 0 | References: 62

Prion
added 2020/07/09 2:15 p.m. | 12 views

Path traversal

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files...

CVSS 4 | AI score 6.2 | EPSS 0.01808
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2020/07/02 12:0 a.m. | 17 views

Magmi (Magento Mass Importer) < 0.7.24 Remote Authentication Bypass Vulnerability

Magmi is prone to a remote authentication bypass vulnerability.

CVSS 9.8 | AI score 7.3 | EPSS 0.23897
Exploits: 0 | References: 3

OSV
added 2020/06/30 11:15 a.m. | 5 views

CVE-2020-5580

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors...

CVSS 8.1 | AI score 7.3 | EPSS 0.01099
Exploits: 0 | References: 2

NVD
added 2020/06/21 4:15 p.m. | 16 views

CVE-2020-14950

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request start, stop, or restart to the setting menu of Sotfware Store...

CVSS 8.8 | EPSS 0.02601
Exploits: 2 | References: 1

CVE
added 2020/06/10 6:17 p.m. | 62 views

CVE-2020-13444

Affected software: Liferay Portal 7.x (7.0/7.1/7.2) prior to specific fix packs and Liferay DXP 7.x before their corresponding fixes. Vulnerability: the DDMDataProvider API may leak authentication data; information returned by the API is not properly sanitized, allowing remote authenticated users...

CVSS 6.5 | AI score 6.4 | EPSS 0.01593
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2020/06/04 12:47 p.m. | 13 views

CVE-2020-6640

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area...

AI score 5.7 | EPSS 0.00857
Exploits: 0 | References: 1

OSV
added 2020/06/03 3:15 p.m. | 1 views

CVE-2020-4180

IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 174735...

CVSS 8.8 | AI score 7.6 | EPSS 0.03013
Exploits: 0 | References: 2

OSV
added 2020/05/14 2:15 a.m. | 2 views

CVE-2020-5577

Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and earlier Movable Type 6.5, Movable Type Advanced 6.5....

CVSS 8.8 | AI score 7 | EPSS 0.01733
Exploits: 0 | References: 2

NVD
added 2020/05/14 2:15 a.m. | 25 views

CVE-2020-5577

Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and earlier Movable Type 6.5, Movable Type Advanced 6.5....

CVSS 8.8 | AI score 8.5 | EPSS 0.01733
Exploits: 0 | References: 2

Prion
added 2020/05/04 2:15 p.m. | 19 views

Default credentials

The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary...

CVSS 4 | AI score 6.5 | EPSS 0.01022
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2020/04/30 10:15 p.m. | 3 views

CVE-2020-5890

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace...

CVSS 5.5 | AI score 6.1 | EPSS 0.00455
Exploits: 0 | References: 1

Prion
added 2020/04/30 10:15 p.m. | 19 views

Design/Logic Flaw

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace...

CVSS 2.1 | AI score 5.7 | EPSS 0.00455
Exploits: 0 | References: 1 | Affected Software: 12