CVE-2020-3530
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The...
Monthly Archive: September 2020
CVE-2020-3498
A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability...
CVE-2020-3495
A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by...
CVE-2020-3478
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is...
CVE-2020-3473
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the...
CVE-2020-3453
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as...
CVE-2020-3451
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as...
CVE-2020-3430
A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the...
CVE-2020-3365
A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability...
CVE-2020-25125
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker’s OpenPGP key, and this key has AEAD preferences....
CVE-2020-25124
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. Date published : 2020-09-03 https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html
CVE-2020-25123
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. Date published : 2020-09-03 https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html
CVE-2020-25122
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager. Date published : 2020-09-03 https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html
CVE-2020-25121
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. Date published : 2020-09-03 https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html