| 211721 | 7.8 | HIGH | Local | faulknermedia | wildlife_issues_in_the_new_millennium | LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using Li… | CWE-427 Uncontrolled Search Path Element | CVE-2020-26894 | 2024-11-21 14:20 | 2020-10-9 |
| 211722 | 8.8 | HIGH | Network | formalms | formalms | forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accompl… | CWE-352 Origin Validation Error | CVE-2020-26802 | 2024-11-21 14:20 | 2020-10-9 |
| 211723 | 5.5 | MEDIUM | Local | dlink | dsr-250n_firmware | An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore u… | CWE-306 Missing Authentication for Critical Function | CVE-2020-26567 | 2024-11-21 14:20 | 2020-10-8 |
| 211724 | 7.8 | HIGH | Local | sympa fedoraproject debian | sympa fedora debian_linux | Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it thr… | CWE-269 Improper Privilege Management | CVE-2020-26880 | 2024-11-21 14:20 | 2020-10-8 |
| 211725 | 7.5 | HIGH | Network | wpcoursesplugin | wp-courses | The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wi… | CWE-306 Missing Authentication for Critical Function | CVE-2020-26876 | 2024-11-21 14:20 | 2020-10-8 |
| 211726 | 6.1 | MEDIUM | Network | cure53 debian microsoft oracle | dompurify debian_linux visual_studio_2017 visual_studio_2019 application_express | Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, … | CWE-79 Cross-site Scripting | CVE-2020-26870 | 2024-11-21 14:20 | 2020-10-8 |
| 211727 | 8.8 | HIGH | Network | elementor | elementor_pro | The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable… | CWE-269 Improper Privilege Management | CVE-2020-26596 | 2024-11-21 14:20 | 2020-10-8 |
| 211728 | 9.8 | CRITICAL | Network | google | android | An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privile… | NVD-CWE-noinfo | CVE-2020-26607 | 2024-11-21 14:20 | 2020-10-7 |
| 211729 | 7.5 | HIGH | Network | google | android | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is S… | NVD-CWE-noinfo | CVE-2020-26606 | 2024-11-21 14:20 | 2020-10-7 |
| 211730 | 7.5 | HIGH | Network | google | android | An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software. They allow attackers to obtain sensitive information by reading a log. The Samsung ID is SVE-202… | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2020-26605 | 2024-11-21 14:20 | 2020-10-7 |