| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field. |
| Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. |
| Adive Framework 2.0.8 has admin/user/add userName XSS. |
| Adive Framework 2.0.8 has admin/user/add userUsername XSS. |
| An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens. |
| SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration. |
| A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. |
| An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification). |
| sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data. |
| Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. |
| GitLab EE 8.9 and later through 12.7.2 has Insecure Permission |
| GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. |
| GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. |
| GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. |
| GitLab EE 10.1 through 12.7.2 allows Information Disclosure. |
| GitLab through 12.7.2 allows XSS. |
| GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). |
| GitLab EE 11.0 and later through 12.7.2 allows XSS. |
| GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. |
| GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. |