CVE-2020-7796
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
Source: CVE-2020-7796
[월:] 2020년 02월
CVE-2020-8633
CVE-2020-8633
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
Source: CVE-2020-8633
CVE-2020-9271
CVE-2020-9271
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.
Source: CVE-2020-9271
CVE-2020-9270
CVE-2020-9270
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.
Source: CVE-2020-9270
CVE-2020-9269
CVE-2020-9269
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
Source: CVE-2020-9269
CVE-2020-9268
CVE-2020-9268
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
Source: CVE-2020-9268
CVE-2020-9267
CVE-2020-9267
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.
Source: CVE-2020-9267
CVE-2020-9266
CVE-2020-9266
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
Source: CVE-2020-9266
CVE-2020-9265
CVE-2020-9265
phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.
Source: CVE-2020-9265
CVE-2015-7507
CVE-2015-7507
libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.
Source: CVE-2015-7507