CVE-2020-4074 (prestashop)

In PrestaShop from version 1.5.0.0 and before version 1.7.7.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.7.6.

Source

/by

CVE-2020-15083 (prestashop)

In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6

Source

/by

CVE-2020-15082 (prestashop)

In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6

Source

/by

CVE-2020-15081 (prestashop)

In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory.

Source

/by

CVE-2020-11074 (prestashop)

In PrestaShop from version 1.5.3.0 and before version 1.7.7.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.7.6.

Source

/by

CVE-2019-4704 (security_identity_manager_virtual_appliance)

IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014.

Source

/by

CVE-2020-13383 (opensis)

openSIS through 7.4 allows Directory Traversal.

Source

/by

CVE-2020-13381 (opensis)

openSIS through 7.4 allows SQL Injection.

Source

/by

CVE-2020-13380 (opensis)

openSIS before 7.4 allows SQL Injection.

Source

/by

CVE-2020-13382 (opensis)

openSIS through 7.4 has Incorrect Access Control.

Source

/by