Total: 176 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2020-26150 | 1 Logaritmo | 1 Aware Callmanager | 2024-08-04 | 7.5 High | info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. |
CVE-2020-24765 | 1 Mind | 1 Imind Server | 2024-08-04 | 7.5 High | InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. |
CVE-2020-24660 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2024-08-04 | 9.8 Critical | An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package. |
CVE-2020-24203 | 1 Projectworlds | 1 Travel Management System | 2024-08-04 | 9.8 Critical | Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. |
CVE-2020-13850 | 1 Pandorafms | 1 Pandora Fms | 2024-08-04 | 7.5 High | Artica Pandora FMS 7.44 has inadequate access controls on a web folder. |
CVE-2020-13474 | 1 Nchsoftware | 1 Express Accounts | 2024-08-04 | 6.5 Medium | In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users. |
CVE-2020-11561 | 1 Nchsoftware | 1 Express Invoice | 2024-08-04 | 8.8 High | In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. |
CVE-2020-10248 | 1 Meinbwa | 2 Direx-pro, Direx-pro Firmware | 2024-08-04 | 7.5 High | BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3. |
CVE-2020-8439 | 1 Monstra | 1 Monstra | 2024-08-04 | 6.5 Medium | Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI. |
CVE-2020-7541 | 1 Schneider-electric | 40 140cpu65150, 140cpu65150 Firmware, 140noc77101 and 37 more | 2024-08-04 | 5.3 Medium | A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP. |
CVE-2021-46378 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-08-04 | 7.5 High | DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. |
CVE-2021-44582 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2024-08-04 | 8.8 High | A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. |
CVE-2021-42748 | 1 Fastlinemedia | 1 Beaver Builder | 2024-08-04 | 5.3 Medium | In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API. |
CVE-2021-42671 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-08-04 | 7.5 High | An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization. |
CVE-2021-40875 | 1 Gurock | 1 Testrail | 2024-08-04 | 7.5 High | Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data. |
CVE-2021-40616 | 1 Thinkcmf | 1 Thinkcmf | 2024-08-04 | 6.5 Medium | thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required. |
CVE-2021-36745 | 1 Trendmicro | 1 Serverprotect | 2024-08-04 | 9.8 Critical | A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations. |
CVE-2021-36560 | 1 Phone Shop Sales Management System Project | 1 Phone Shop Sales Management System | 2024-08-04 | 9.8 Critical | Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin. |
CVE-2021-30144 | 1 Glpi-project | 1 Dashboard | 2024-08-03 | 4.3 Medium | The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. |
CVE-2021-28150 | 1 Hongdian | 2 H8922, H8922 Firmware | 2024-08-03 | 5.5 Medium | Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi. |
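The entries above share one root cause, named explicitly in the Schneider Electric entry as CWE-425, Direct Request ('Forced Browsing'): the application relies on a link not being shown, or on a string match against the request-target, instead of authorizing every resource on the server side. The LemonLDAP::NG entry is the string-match variant, where a non-normalized URI slips past a URL-based rule; the NCH Express and Sourcecodester entries are the hidden-link variant, where a low-privilege user simply types the privileged URL. The Python below is an added illustration of that class, written for this page; it is not code from LemonLDAP::NG or from any product listed, and the protected prefixes, roles and request-targets are constructed for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed policy for this example (hypothetical routes, not from any listed
# product): paths under these prefixes need the "admin" role, all others are open.
PROTECTED_PREFIXES = ("/admin", "/api/system")


def naive_authorize(raw_uri: str, role: str) -> bool:
    """Vulnerable form: a prefix match on the request-target exactly as received.

    Any spelling of a protected path other than the canonical one
    ('/public/../admin/x', '//admin/x', '/%61dmin/x') falls through to 'allow'.
    """
    if raw_uri.startswith(tuple(p + "/" for p in PROTECTED_PREFIXES)):
        return role == "admin"
    return True


def canonical_path(raw_uri: str):
    """Return the canonical absolute path for raw_uri, or None if it cannot be trusted."""
    path = re.split(r"[?#]", raw_uri, maxsplit=1)[0]  # drop query and fragment
    path = unquote(path)  # percent-decode exactly once, as a typical backend does
    # A residual '%' means double encoding; backslashes, NULs and ';' path
    # parameters are interpreted differently by different servers. Refuse to guess.
    if any(ch in path for ch in ("%", "\\", "\x00", ";")):
        return None
    if not path.startswith("/"):
        return None
    path = re.sub(r"/+", "/", path)  # '//admin/x' -> '/admin/x'
    # Resolve '.' and '..' segments and strip a trailing slash. Case is left alone:
    # whether '/Admin' is '/admin' depends on the backend, and the rule must mirror it.
    return posixpath.normpath(path)


def hardened_authorize(raw_uri: str, role: str) -> bool:
    """Deny-by-default form: canonicalize first, then match on segment boundaries."""
    path = canonical_path(raw_uri)
    if path is None:
        return False
    for prefix in PROTECTED_PREFIXES:
        if path == prefix or path.startswith(prefix + "/"):
            return role == "admin"
    return True


def find_bypasses(uris, role="guest"):
    """Request-targets the naive check lets `role` reach but the hardened check denies."""
    return [u for u in uris if naive_authorize(u, role) and not hardened_authorize(u, role)]


# Constructed request-targets a low-privilege user might type, in the spirit of the
# "crafted URL" entries above.
PROBES = [
    "/admin/users",                    # canonical spelling: both checks deny a guest
    "/public/../admin/users",          # dot segments
    "//admin/users",                   # duplicate slash
    "/%61dmin/users",                  # percent-encoded letter
    "/admin%2F..%2F..%2Fadmin/users",  # percent-encoded slashes
    "/admin",                          # prefix boundary: no trailing slash
    "/api/system/dump-diagnostic-info?server=127.0.0.1",  # both checks deny a guest
    "/%252e%252e/admin/users",         # double encoding: hardened form refuses it
]

if __name__ == "__main__":
    for uri in find_bypasses(PROBES):
        print(f"bypass: {uri!r} -> canonical {canonical_path(uri)!r}")
```

The vulnerable form matches the raw request-target, so `/public/../admin/users`, `//admin/users` and `/%61dmin/users` are all treated as public even though the backend serves the same resource as `/admin/users`. The hardened form canonicalizes once (single percent-decode, slash collapse, dot-segment resolution), refuses anything it cannot canonicalize, and anchors the match on path-segment boundaries. Whatever normalization the backend applies must be mirrored in the check, which is why the example decodes exactly once rather than until stable, and why it leaves case untouched.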