» 2020 » 11월

CVE-2020-25952

Posted on 2020년 11월 17일2020년 11월 17일 by admin

CVE-2020-25952

SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

Source: CVE-2020-25952

CVE-2020-13772

Posted on 2020년 11월 17일2020년 11월 17일 by admin

CVE-2020-13772

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.

Source: CVE-2020-13772

CVE-2020-13773

Posted on 2020년 11월 17일2020년 11월 17일 by admin

CVE-2020-13773

Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx.

Source: CVE-2020-13773

CVE-2020-27423

Posted on 2020년 11월 17일2020년 11월 17일 by admin

CVE-2020-27423

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user’s mailbox

Source: CVE-2020-27423

CVE-2020-27422

Posted on 2020년 11월 17일2020년 11월 17일 by admin

CVE-2020-27422

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn’t expire once used, allowing an attacker to use the same link to takeover the account.

Source: CVE-2020-27422

CVE-2020-27191

Posted on 2020년 11월 17일2020년 11월 17일 by admin

CVE-2020-27191

LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Source: CVE-2020-27191