CVE-2020-13157
modules/users/admin/edit.php in NukeViet 4.4 allows CSRF to change a user’s password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed.
Source: CVE-2020-13157
CVE-2020-13156
modules/users/admin/add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.
Source: CVE-2020-13156
CVE-2020-14976
GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context.
Source: CVE-2020-14976
CVE-2020-14073
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.
Source: CVE-2020-14073
CVE-2020-7668
The ExtractTo function doesn’t securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
Source: CVE-2020-7668
CVE-2020-7664
The ExtractTo function doesn’t securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
Source: CVE-2020-7664
CVE-2020-4188
IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807.
Source: CVE-2020-4188
CVE-2020-11068
In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. This has been fixed in 4.4.4.
Source: CVE-2020-11068
CVE-2020-9438
Tinxy Door Lock with firmware before 3.2 allows attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled.
Source: CVE-2020-9438
CVE-2020-14965
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.
Source: CVE-2020-14965