Skip to main content
CVE-2020-8505 MEDIUM POC This Month

School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP School Management Software Php Mysql
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-8504 MEDIUM POC This Month

School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP School Management Software Php Mysql
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-8503 MEDIUM This Month

Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Secure File Transfer
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-5234 MEDIUM PATCH This Month

MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Stack Overflow Messagepack
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-5526 MEDIUM This Month

The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Apple Apeosware Management Suite
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-7955 MEDIUM PATCH This Month

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Information Disclosure HashiCorp Consul
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-8422 MEDIUM This Month

An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Remote Access Plus
NVD
CVSS 3.1
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy