Lucene search
K

10053 matches found

OSV
OSV
added 2020/10/01 8:15 p.m.4 views

CVE-2020-5788

Relative Path Traversal in Teltonika firmware TRB2R00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action...

6.5CVSS6.7AI score0.01191EPSS
Exploits1References1
NCSC
NCSC
added 2020/10/01 12:0 a.m.6 views

Vulnerability fixed in FortiOS

A vulnerability has been fixed in FortiOS. The vulnerability allows an authenticated malicious party the ability to cause a denial-of-service denial-of-service. Fortinet has released updates to fix the vulnerability. More information can be found on the page below:...

6.5CVSS6.5AI score0.01566EPSS
Exploits0
OSV
OSV
added 2020/09/30 6:15 p.m.5 views

CVE-2020-8256

A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity XXE vulnerability...

4.9CVSS5.9AI score0.03356EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/09/29 12:0 a.m.9 views

PT-2020-20064 · Pulse · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8.2 Description: A vulnerability in the Pulse Connect Secure admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML Extern...

4.9CVSS5.2AI score0.03356EPSS
Exploits1References5
OSV
OSV
added 2020/09/25 2:15 p.m.3 views

CVE-2020-15370

Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files...

6.5CVSS6.9AI score0.01046EPSS
Exploits0References1
OSV
OSV
added 2020/09/25 2:15 p.m.5 views

CVE-2020-15369

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remo...

8.8CVSS7.4AI score0.01002EPSS
Exploits0References1
OSV
OSV
added 2020/09/24 2:15 p.m.5 views

CVE-2020-16148

The ping page of the administration panel in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via authenticated code injection over the network...

7.2CVSS7.1AI score0.01891EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/09/24 12:0 a.m.4 views

PT-2020-5089 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: The issue is related to multiple vulnerabilities in the web management framework of Cisco IOS XE Software. These vulnerabilities could allow an authenticated, remote attacker...

8.5CVSS8.1AI score0.01374EPSS
Exploits0References4
OSV
OSV
added 2020/09/23 2:15 p.m.4 views

CVE-2020-16244

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data...

7.2CVSS5.8AI score0.00652EPSS
Exploits0References1
OSV
OSV
added 2020/09/23 1:15 a.m.2 views

CVE-2020-3130

A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

6.5CVSS6.4AI score0.0181EPSS
Exploits0References1
Veracode
Veracode
added 2020/09/21 6:30 a.m.27 views

Arbitrary Code Execution

ntp is vulnerable to arbitrary code execution. Multiple buffer overflows in the ctlput functions allow remote authenticated attackers to potentially execute arbitrary code on the host OS via a long variable...

8.8CVSS7.4AI score0.06515EPSS
Exploits0References20Affected Software2
OSV
OSV
added 2020/09/17 8:15 p.m.3 views

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

6.1CVSS6.8AI score0.01982EPSS
Exploits5References3
OSV
OSV
added 2020/09/14 4:15 p.m.3 views

CVE-2020-25379

Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer' parameter which allows an authenticated attacker to inject a malicious SQL query...

8.8CVSS7.3AI score0.01928EPSS
Exploits2References1
OSV
OSV
added 2020/09/11 5:15 p.m.5 views

CVE-2020-1345

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

7.4CVSS7AI score0.02687EPSS
Exploits0References1
OSV
OSV
added 2020/09/11 5:15 p.m.3 views

CVE-2020-16859

A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...

5.4CVSS6.3AI score0.0164EPSS
Exploits0References1
OSV
OSV
added 2020/09/09 4:15 p.m.7 views

CVE-2020-24566

In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then under certain circumstances the account password is exposed in...

7.5CVSS7.2AI score0.01812EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2020/09/08 7:0 a.m.54 views

Active Directory Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Active Directory integrated DNS ADIDNS mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To exploit the vulnerability, an...

8.8CVSS3.8AI score0.03608EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/09/08 12:0 a.m.2 views

PT-2020-4075 · Microsoft · Sharepoint Foundation +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site-scripting XSS issue...

7.8CVSS7.1AI score0.02665EPSS
Exploits1References5
OSV
OSV
added 2020/09/02 4:15 p.m.2 views

CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

8.8CVSS5.8AI score0.52717EPSS
Exploits1References4
NVD
NVD
added 2020/09/01 2:15 p.m.17 views

CVE-2020-6120

SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

8.8CVSS7.4AI score0.01403EPSS
Exploits1References1
Rows per page
Query Builder