CVE-2020-15051
An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields.
Source: CVE-2020-15051
CVE-2020-15779
A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.
Source: CVE-2020-15779
CVE-2020-14065
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
Source: CVE-2020-14065
CVE-2020-14064
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
Source: CVE-2020-14064
CVE-2020-14066
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
Source: CVE-2020-14066
CVE-2020-12854
A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar.
Source: CVE-2020-12854
CVE-2020-12684
XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser.
Source: CVE-2020-12684
CVE-2020-15602
An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device.
Source: CVE-2020-15602
CVE-2020-15603
An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products’ driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash.
Source: CVE-2020-15603
CVE-2020-15366
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
Source: CVE-2020-15366