Security Vulnerabilities - CVEs Published In February 2020
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-02-10
A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-02-10
HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information
CVSS Score
5.7
EPSS Score
0.005
Published
2020-02-10
InfoSphere Guardium aix_ktap module: DoS
CVSS Score
5.5
EPSS Score
0.001
Published
2020-02-10
BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error
CVSS Score
6.5
EPSS Score
0.019
Published
2020-02-10
The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be downloaded.)
CVSS Score
9.8
EPSS Score
0.125
Published
2020-02-10
It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-10
A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro.
CVSS Score
8.8
EPSS Score
0.067
Published
2020-02-10
A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don’t exist in Sphider.
CVSS Score
8.8
EPSS Score
0.067
Published
2020-02-10
A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider.
CVSS Score
8.8
EPSS Score
0.067
Published
2020-02-10