CVE-2020-5188

DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.

Source: CVE-2020-5188

CVE-2015-9542

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.

Source: CVE-2015-9542

CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the –no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

Source: CVE-2019-20044

CVE-2019-15299

An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication.

Source: CVE-2019-15299

CVE-2019-3670

Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack.

Source: CVE-2019-3670

CVE-2020-9355

danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.

Source: CVE-2020-9355

CVE-2020-9354

An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path traversal.

Source: CVE-2020-9354

CVE-2020-9353

An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter.

Source: CVE-2020-9353

CVE-2020-9352

An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.

Source: CVE-2020-9352

CVE-2020-9351

An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path).

Source: CVE-2020-9351