CVE-2020-28693
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET...
Monthly Archive: November 2020
CVE-2020-28692
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files. Date published : 2020-11-16 https://github.com/jkana/Gila-CMS-1.16.0-shell-upload
CVE-2020-27991
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). Date published : 2020-11-16 https://www.nagios.com/downloads/nagios-xi/change-log/
CVE-2020-27990
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). Date published : 2020-11-16 https://www.nagios.com/downloads/nagios-xi/change-log/
CVE-2020-27989
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). Date published : 2020-11-16 https://www.nagios.com/downloads/nagios-xi/change-log/
CVE-2020-27988
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). Date published : 2020-11-16 https://www.nagios.com/downloads/nagios-xi/change-log/
CVE-2020-27629
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. Date published : 2020-11-16 JetBrains Security Bulletin Q3 2020 Home
CVE-2020-27628
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. Date published : 2020-11-16 JetBrains Security Bulletin Q3 2020 Home
CVE-2020-27627
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. Date published : 2020-11-16 JetBrains Security Bulletin Q3 2020 Home
CVE-2020-27626
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. Date published : 2020-11-16 JetBrains Security Bulletin Q3 2020 Home
CVE-2020-27625
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. Date published : 2020-11-16 Home
CVE-2020-27624
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. Date published : 2020-11-16 JetBrains Security Bulletin Q3 2020 Home
CVE-2020-27623
JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. Date published : 2020-11-16 JetBrains Security Bulletin Q3 2020 Home
CVE-2020-27622
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. Date published : 2020-11-16 JetBrains Security Bulletin Q3 2020 Home