National Vulnerability Database

Search Results

There are 133,200 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2020-7918

An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.

Published: March 27, 2020; 10:15:12 AM -04:00
(not available)
CVE-2020-10607

In Advantech WebAccess, versions 8.4.2 and prior, a stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

Published: March 27, 2020; 10:15:12 AM -04:00
(not available)
CVE-2020-1773

It's possible that an authenticated user can guess other session IDs based on their own. It's also possible to guess a password reset token or an automatically generated password. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

Published: March 27, 2020; 09:15:15 AM -04:00
(not available)
CVE-2020-1772

It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s) generated by users who already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

Published: March 27, 2020; 09:15:15 AM -04:00
(not available)
CVE-2020-1771

An attacker is able to craft an article with a link to the customer address book containing malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

Published: March 27, 2020; 09:15:15 AM -04:00
(not available)
CVE-2020-1770

Files generated by the support bundle could contain sensitive information whose disclosure might be unwanted. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

Published: March 27, 2020; 09:15:15 AM -04:00
(not available)
CVE-2020-1769

In the login screens (in the agent and customer interfaces), the Username and Password fields use autocomplete, which might be considered a security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

Published: March 27, 2020; 09:15:15 AM -04:00
(not available)
CVE-2020-10510

Sunnet eHRD, a human training and development management system, contains a Broken Access Control vulnerability. After login, attackers can use a specific URL to access unauthorized functionality and data.

Published: March 27, 2020; 04:15:13 AM -04:00
(not available)
CVE-2020-10509

Sunnet eHRD, a human training and development management system, contains a Cross-Site Scripting (XSS) vulnerability; attackers can inject arbitrary commands into the system and launch an XSS attack.

Published: March 27, 2020; 04:15:13 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-10508

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL to capture confidential information.

Published: March 27, 2020; 04:15:12 AM -04:00
(not available)
CVE-2020-3936

UltraLog Express device management interface does not properly filter user-supplied strings in some specific parameters; attackers can inject arbitrary SQL commands.

Published: March 27, 2020; 12:15:10 AM -04:00
(not available)
CVE-2020-3921

UltraLog Express device management software stores users' information in cleartext. Any user can obtain account information through a specific page.

Published: March 27, 2020; 12:15:10 AM -04:00
(not available)
CVE-2020-3920

UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through a specific system directory.

Published: March 27, 2020; 12:15:10 AM -04:00
(not available)
CVE-2020-10993

Osmand through 2.0.0 allows XXE because of binary/BinaryMapIndexReader.java.

Published: March 26, 2020; 08:15:11 PM -04:00
(not available)
CVE-2020-10992

Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.

Published: March 26, 2020; 08:15:11 PM -04:00
(not available)
CVE-2020-10991

Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java.

Published: March 26, 2020; 08:15:11 PM -04:00
(not available)
CVE-2020-10990

An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component.

Published: March 26, 2020; 08:15:11 PM -04:00
(not available)
CVE-2020-9468

The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.

Published: March 26, 2020; 04:15:11 PM -04:00
(not available)
CVE-2020-9467

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.

Published: March 26, 2020; 04:15:11 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2020-10828

A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.

Published: March 26, 2020; 01:15:23 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH