Search Results

Search Parameters:
  • Results Type: Overview
  • Search Type: Search Last 3 Months
There are 4,770 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2020-12530

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter.

Published: March 02, 2021; 5:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-12529

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an SSRF in the LDAP access check, allowing an attacker to scan for open ports.

Published: March 02, 2021; 5:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-12528

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to.

Published: March 02, 2021; 5:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-12527

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to interact with devices in the account he should not have access to.

Published: March 02, 2021; 5:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-21258

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4.

Published: March 02, 2021; 3:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-21255

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4.

Published: March 02, 2021; 3:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-27885

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.

Published: March 02, 2021; 2:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-22296

A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system.

Published: March 02, 2021; 2:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-22294

A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources.

Published: March 02, 2021; 2:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-22187

An issue has been discovered in GitLab affecting all versions of GitLab EE/CE before 12.6.7. A potential resource exhaustion issue allowed running or pending jobs to continue even after the project was deleted.

Published: March 02, 2021; 2:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-28657

In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.

Published: March 02, 2021; 2:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-3384

A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP table management, which would temporarily prevent the system from contacting new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.

Published: March 02, 2021; 1:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-25330

Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.

Published: March 02, 2021; 1:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-4726

The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975.

Published: March 02, 2021; 12:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-4725

IBM Monitoring (IBM Cloud APM 8.1.4) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974.

Published: March 02, 2021; 12:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-4719

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861.

Published: March 02, 2021; 12:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-23518

Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML.

Published: March 02, 2021; 12:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-21514

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.

Published: March 02, 2021; 11:15:12 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-21513

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system.

Published: March 02, 2021; 11:15:12 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-25902

Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute in the classroom, which leads to stealing cookies from users who join the class.

Published: March 02, 2021; 8:15:15 AM -0500
V3.x:(not available)
V2.0:(not available)