CVE-2020-25564 (sapphireims)
In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature. Devamını Oku
Devamını oku
CVE-2020-25561 (sapphireims)
SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client. Devamını Oku
CVE-2020-25562 (sapphireims)
In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent. Devamını Oku
CVE-2020-25563 (sapphireims)
In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID. Devamını Oku
CVE-2020-24576
Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITYSYSTEM. Devamını Oku
CVE-2020-28165
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function. Devamını Oku
CVE-2020-20975
In libadminactiondataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter. Devamını Oku
CVE-2020-20977
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section. Devamını Oku
CVE-2020-20979
An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code. Devamını Oku
CVE-2020-20981
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information. Devamını Oku
CVE-2020-20977 (ukcms)
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section. Devamını Oku
CVE-2020-20979 (ljcms)
An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code. Devamını Oku