Show filters
666 Total Results
Displaying 161-170 of 666
Sort by:
Attacker Value
Unknown
CVE-2020-35201
Disclosure Date: December 12, 2020 (last updated February 22, 2025)
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
0
Attacker Value
Unknown
CVE-2020-35199
Disclosure Date: December 12, 2020 (last updated February 22, 2025)
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
0
Attacker Value
Unknown
CVE-2020-35202
Disclosure Date: December 12, 2020 (last updated February 22, 2025)
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
0
Attacker Value
Unknown
CVE-2020-35127
Disclosure Date: December 11, 2020 (last updated February 22, 2025)
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.
0
Attacker Value
Unknown
CVE-2019-18990
Disclosure Date: September 30, 2020 (last updated February 22, 2025)
A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.
0
Attacker Value
Unknown
CVE-2020-23834
Disclosure Date: September 04, 2020 (last updated February 22, 2025)
Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem.
0
Attacker Value
Unknown
CVE-2020-24602
Disclosure Date: September 02, 2020 (last updated February 22, 2025)
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and "searchDynamic" in the Server Properties and Security Audit Viewer JSP page
0
Attacker Value
Unknown
CVE-2020-24604
Disclosure Date: September 02, 2020 (last updated February 22, 2025)
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and "searchDynamic" in server-properties.jsp and security-audit-viewer.jsp
0
Attacker Value
Unknown
CVE-2020-24601
Disclosure Date: September 02, 2020 (last updated February 22, 2025)
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page
0
Attacker Value
Unknown
CVE-2020-7714
Disclosure Date: September 01, 2020 (last updated February 22, 2025)
All versions of package confucious are vulnerable to Prototype Pollution via the set function.
0
