InfoSec4Fun

CVE-2020-13158 NOMISEC HIGH WRITEUP

Artica Proxy <4.30.000000 - Path Traversal

Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.

1 stars

CVSS 7.5

View Code

CVE-2020-10129 NOMISEC HIGH WRITEUP

SearchBlox < 9.2.1 - Privilege Escalation to Admin

SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality.

CVSS 8.8

View Code

CVE-2020-10130 NOMISEC HIGH WRITEUP

SearchBlox < 9.1 - Unauthenticated Business Logic Bypass for Super Admin Creation

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.

CVSS 8.8

View Code

CVE-2020-10128 NOMISEC MEDIUM WRITEUP

SearchBlox < 9.2.1 - Stored Cross-Site Scripting via Multiple User Input Parameters

SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript.

CVSS 5.4

View Code

CVE-2020-10132 NOMISEC MEDIUM WRITEUP

SearchBlox < 9.1 - Cross-Site Scripting via CORS Misconfiguration

SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.

CVSS 6.1

View Code

CVE-2020-13159 NOMISEC CRITICAL WRITEUP

Artica Proxy <4.30.000000 - Command Injection

Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.

CVSS 9.8

View Code

CVE-2020-10131 NOMISEC CRITICAL WRITEUP

SearchBlox < 9.2.1 - CSV Macro Injection via Featured Results Parameter

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.

CVSS 9.8

View Code