Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update packages
are downloaded via unencrypted HTTP
===
Identifiers
-
CVE-2020-11718
Vendor
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with
guessable static encryption key
===
Identifiers
-
CVE-2020-8995
Vendor
Programi Bilanc - Build 007 Release 014 31.01.2020 - Multiple SQL Injections
=
Identifiers
-
CVE-2020-11717
Vendor
-
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with
guessable static encryption key
===
Identifiers
-
CVE-2020-11719
Vendor
Programi Bilanc - Build 007 Release 014 31.01.2020 - Use of weak default
Password
===
Identifiers
-
CVE-2020-11720
Vendor
Matrix42 Workspace Management 9.1.2.2765 – Reflected Cross-Site Scripting
===
Identifiers
-
* CVE-2019-19913
CVSSv3 score
Matrix42 Workspace Management 9.1.2.2765 – Stored Cross-Site Scripting
===
Identifiers
-
CVE-2019-19500
CVSSv3 score
-
codeBeamer – Stored Cross-Site Scripting
===
Identifiers
-
* CVE-2019-19913
CVSSv3 score
-
6.4
# Exploit Title: Reflected XSS – HRworks Login (v1.16.1)
# Vendor Homepage: https://www.hrworks.de
# Exploit Author: Georg Philipp Erasmus Heise / Lufthansa Industry Solutions
# Contact: https://twitter.com/gpheheise
# Website: https://www.lufthansa-industry-solutions.com
# Category: webapps