CVE-2020-4759
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736.
Source: CVE-2020-4759
CVE-2020-4650
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.
Source: CVE-2020-4650
CVE-2020-4651
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024.
Source: CVE-2020-4651
CVE-2020-28364
A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users.
Source: CVE-2020-28364
CVE-2020-26542
An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server. When used to authenticate against Microsoft Active Directory, it suffers from an authentication validation issue whereby a blank password can be used to authenticate with the service successfully.
Source: CVE-2020-26542
CVE-2020-27977
CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges.
Source: CVE-2020-27977
CVE-2020-23140
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.
Source: CVE-2020-23140
CVE-2020-23138
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
Source: CVE-2020-23138
CVE-2020-23136
Microweber v1.1.18 is affected by no session expiry after log-out.
Source: CVE-2020-23136
CVE-2020-23139
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.
Source: CVE-2020-23139