CVE-2019-14884
A vulnerability was found in Moodle through versions 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages.
Source: CVE-2019-14884
[월:] 2020년 03월
CVE-2019-14883
CVE-2019-14883
A vulnerability was found in Moodle through version 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user’s account was no longer active. Note: to access files, a user would need to know the file path, and their token.
Source: CVE-2019-14883
CVE-2019-14881
CVE-2019-14881
A vulnerability was found in moodle through 3.7 to 3.7.2 and before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed.
Source: CVE-2019-14881
CVE-2019-14882
CVE-2019-14882
A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page.
Source: CVE-2019-14882
CVE-2020-3922
CVE-2020-3922
LisoMail, by ArmorX, allows SQL Injections, attackers can access the database without authentication via a URL parameter manipulation.
Source: CVE-2020-3922
CVE-2020-10659
CVE-2020-10659
Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain.
Source: CVE-2020-10659
CVE-2020-8470
CVE-2020-8470
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
Source: CVE-2020-8470
CVE-2020-8598
CVE-2020-8598
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
Source: CVE-2020-8598
CVE-2020-8600
CVE-2020-8600
Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication.
Source: CVE-2020-8600
CVE-2020-8599
CVE-2020-8599
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
Source: CVE-2020-8599