CVE-2020-22607
Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.
Source: CVE-2020-22607
[월:] 2021년 06월
CVE-2020-22608
CVE-2020-22608
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.
Source: CVE-2020-22608
CVE-2021-35525
CVE-2021-35525
PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur … I’m not sure if there’s a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless."
Source: CVE-2021-35525
CVE-2020-20640
CVE-2020-20640
Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability.
Source: CVE-2020-20640
CVE-2021-35523
CVE-2021-35523
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITYSYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%Securepoint SSL VPN" and add a external script file that is executed as privileged user.
Source: CVE-2021-35523
CVE-2020-23711
CVE-2020-23711
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.
Source: CVE-2020-23711
CVE-2020-23715
CVE-2020-23715
Directory Traversal vulnerability in Webport CMS 1.19.10.17121 in http://localhost/file/download via the file value.
Source: CVE-2020-23715
CVE-2021-20574
CVE-2021-20574
IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and takeover other accounts. IBM X-Force ID: 199252.
Source: CVE-2021-20574
CVE-2021-34254
CVE-2021-34254
Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx.
Source: CVE-2021-34254
CVE-2021-34187
CVE-2021-34187
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
Source: CVE-2021-34187