CVE-2020-13476
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.
Source: CVE-2020-13476
[월:] 2020년 12월
CVE-2020-13474
CVE-2020-13474
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.
Source: CVE-2020-13474
CVE-2020-13473
CVE-2020-13473
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.
Source: CVE-2020-13473
CVE-2020-27172
CVE-2020-27172
An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges.
Source: CVE-2020-27172
CVE-2020-35730
CVE-2020-35730
linkref_addindex in rcube_string_replacer.php in Roundcube Webmail before 1.4.10 allows XSS via a crafted email message.
Source: CVE-2020-35730
CVE-2020-35616
CVE-2020-35616
An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.
Source: CVE-2020-35616
CVE-2020-35766
CVE-2020-35766
The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation.
Source: CVE-2020-35766
CVE-2020-14273
CVE-2020-14273
HCL Domino v10 and v11 is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server.
Source: CVE-2020-14273
CVE-2020-35612
CVE-2020-35612
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
Source: CVE-2020-35612
CVE-2020-25507
CVE-2020-25507
An incorrect permission assignment (chmod 777) of /etc/environment during the installation script of No Magic TeamworkCloud 18.0 through 19.0 allows any local unprivileged user to write to /etc/environment. An attacker can escalate to root by writing arbitrary code to this file, which would be executed by root during the next login, reboot, or sourcing of the environment.
Source: CVE-2020-25507