CVE-2020-14973
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string.
Source: CVE-2020-14973
CVE-2020-14980
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.
Source: CVE-2020-14980
CVE-2020-14981
The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation.
Source: CVE-2020-14981
CVE-2020-13427
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter.
Source: CVE-2020-13427
CVE-2020-13480
Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.
Source: CVE-2020-13480
CVE-2020-14049
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this issue exists because of an incomplete fix for CVE-2019-12569.
Source: CVE-2020-14049
CVE-2020-13159
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.
Source: CVE-2020-13159
CVE-2020-10740
A vulnerability was found in WildFly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in WildFly.
Source: CVE-2020-10740
CVE-2020-11519
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a .SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution.
Source: CVE-2020-11519
CVE-2020-11520
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution.
Source: CVE-2020-11520