‼ CVE-2020-12518 ‼
via "National Vulnerability Database".
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.
‼ CVE-2020-20138 ‼
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
‼ CVE-2020-20140 ‼
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17.
‼ CVE-2020-13511 ‼
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.
‼ CVE-2020-13518 ‼
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
‼ CVE-2020-12522 ‼
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
‼ CVE-2020-20142 ‼
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.
‼ CVE-2020-13517 ‼
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
‼ CVE-2020-20141 ‼
Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
‼ CVE-2020-27780 ‼
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates.
‼ CVE-2020-12519 ‼
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.
‼ CVE-2020-13510 ‼
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.
‼ CVE-2020-13527 ‼
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
‼ CVE-2020-20139 ‼
Cross Site Scripting (XSS) vulnerability in the Remote JSON component under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
‼ CVE-2020-27340 ‼
The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control.
‼ CVE-2020-35474 ‼
In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.
‼ CVE-2020-26177 ‼
In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values in requests to /api/profile is not prohibited server-side.
‼ CVE-2020-26173 ‼
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required.
‼ CVE-2020-26174 ‼
tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser (client-side) and can be circumvented. This allows an attacker to upload any file as an attachment to a workitem.
‼ CVE-2020-35478 ‼
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.
‼ CVE-2020-35480 ‼
An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.