CVE-2020-15885
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.
Source: CVE-2020-15885
CVE-2020-15688
GoAhead before 5.1.2 mishandles the nonce value during Digest authentication. This may permit request replay attacks for local requests over HTTP.
Source: CVE-2020-15688
CVE-2020-15908
tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive.
Source: CVE-2020-15908
CVE-2020-15904
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.
Source: CVE-2020-15904
CVE-2020-10917
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10007.
Source: CVE-2020-10917
CVE-2020-15126
In parse-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can bypass all read security on his User object and can also bypass all objects linked via relation or Pointer on his User object.
Source: CVE-2020-15126
CVE-2020-15902
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
Source: CVE-2020-15902
CVE-2020-15901
ajaxhelper.php in Nagios XI before 5.7.2 allows remote attackers to execute arbitrary commands via cmdsubsys.
Source: CVE-2020-15901
CVE-2020-4371
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used to aid a local user in further attacks against the system. IBM X-Force ID: 179008.
Source: CVE-2020-4371
CVE-2020-4399
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476.
Source: CVE-2020-4399