National Vulnerability Database


Search Results

There are 131,245 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2020-8633

An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.

Published: February 18, 2020; 05:15:10 PM -05:00
(not available)
CVE-2020-7796

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.

Published: February 18, 2020; 05:15:10 PM -05:00
(not available)
CVE-2020-9271

ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.

Published: February 18, 2020; 02:15:17 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-9270

ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.

Published: February 18, 2020; 02:15:17 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-9269

SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.

Published: February 18, 2020; 02:15:17 PM -05:00
V3.1: 7.2 HIGH
    V2: 9.0 HIGH
CVE-2020-9268

SOPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.

Published: February 18, 2020; 02:15:17 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-9267

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.

Published: February 18, 2020; 02:15:16 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-9266

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.

Published: February 18, 2020; 02:15:16 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-9265

phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.

Published: February 18, 2020; 02:15:16 PM -05:00
(not available)
CVE-2015-7507

libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.

Published: February 18, 2020; 02:15:12 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-4228

The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.

Published: February 18, 2020; 02:15:11 PM -05:00
(not available)
CVE-2013-4226

The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser.

Published: February 18, 2020; 02:15:11 PM -05:00
(not available)
CVE-2015-7567

SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.

Published: February 18, 2020; 01:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-7505

Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file.

Published: February 18, 2020; 01:15:11 PM -05:00
(not available)
CVE-2012-0718

IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.

Published: February 18, 2020; 01:15:10 PM -05:00
(not available)
CVE-2019-10791

promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.

Published: February 18, 2020; 12:15:14 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2014-3879

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to not be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.

Published: February 18, 2020; 12:15:12 PM -05:00
(not available)
CVE-2013-6295

PrestaShop 1.5.5 is vulnerable to privilege escalation via a Salesman account via the upload module.

Published: February 18, 2020; 12:15:12 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-3323

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.

Published: February 18, 2020; 12:15:12 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 6.8 MEDIUM
CVE-2013-2679

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.

Published: February 18, 2020; 12:15:12 PM -05:00
(not available)