CVE-2020-5747
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.
Source: CVE-2020-5747
[월:] 2020년 05월
CVE-2020-5744
CVE-2020-5744
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
Source: CVE-2020-5744
CVE-2020-11431
CVE-2020-11431
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal.
Source: CVE-2020-11431
CVE-2020-12448
CVE-2020-12448
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
Source: CVE-2020-12448
CVE-2020-12608
CVE-2020-12608
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%SolarWinds MSPSolarWinds.MSP.CacheServiceconfig. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.
Source: CVE-2020-12608
CVE-2020-12679
CVE-2020-12679
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php.
Source: CVE-2020-12679
CVE-2020-5743
CVE-2020-5743
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don’t have permission.
Source: CVE-2020-5743
CVE-2020-12683
CVE-2020-6651
CVE-2020-6651
Improper Input Validation in Eaton’s Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.
Source: CVE-2020-6651
CVE-2020-6652
CVE-2020-6652
Incorrect Privilege Assignment vulnerability in Eaton’s Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters.
Source: CVE-2020-6652