CVE-2020-8440
controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.
Source: CVE-2020-8440
월: 2020 1월
CVE-2013-5112
CVE-2019-19550
CVE-2019-19550
Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL.
Source: CVE-2019-19550
CVE-2013-3322
CVE-2013-3322
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.
Source: CVE-2013-3322
CVE-2020-7219
CVE-2020-7219
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.
Source: CVE-2020-7219
CVE-2020-7956
CVE-2020-7956
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.
Source: CVE-2020-7956
CVE-2020-7955
CVE-2020-7955
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
Source: CVE-2020-7955
CVE-2020-7914
CVE-2020-7914
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.
Source: CVE-2020-7914
CVE-2020-7218
CVE-2020-7218
HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage.
Source: CVE-2020-7218
CVE-2020-5526
CVE-2020-5526
The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Source: CVE-2020-5526