Attacker Value: Low

CVE-2020-9339

Disclosure Date: February 22, 2020 (last updated March 10, 2020)
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
Attack Vector: Network
Attacker Value: High

CVE-2020-1985

Disclosure Date: April 08, 2020 (last updated April 11, 2020)
Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions of Secdo for Windows.
Attack Vector: Local
Attacker Value: High

CVE-2020-1984

Disclosure Date: April 08, 2020 (last updated April 11, 2020)
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.
Attack Vector: Local
Attacker Value: High

CVE-2020-3153

Disclosure Date: February 20, 2020 (last updated April 22, 2020)
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
Attack Vector: Local
Attacker Value: Very High

CVE-2018-8302

Disclosure Date: August 15, 2018 (last updated March 10, 2020)
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
Attack Vector: Network
Attacker Value: Very Low

CVE-2020-5308

Disclosure Date: January 07, 2020 (last updated March 10, 2020)
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php.
Attack Vector: Network
Attacker Value: Low

CVE-2020-9442

Disclosure Date: February 28, 2020 (last updated March 10, 2020)
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
Attack Vector: Local
Attacker Value: Very Low

CVE-2018-19131

Disclosure Date: November 09, 2018 (last updated March 10, 2020)
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
Attack Vector: Network
Attacker Value: Low

CVE-2020-1986

Disclosure Date: April 08, 2020 (last updated April 11, 2020)
Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions of Secdo for Windows.
Attack Vector: Local
Attacker Value: Low

CVE-2020-9268

Disclosure Date: February 18, 2020 (last updated March 10, 2020)
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
Attack Vector: Network