|
211851
|
8.1 |
HIGH
Network
|
ponzu-cms
|
ponzu
|
A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accoun…
|
CWE-352
Origin Validation Error
|
CVE-2020-24130
|
2024-11-21 14:14 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211852
|
6.5 |
MEDIUM
Network
|
ok-file-formats_project
|
ok-file-formats
|
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS)…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23707
|
2024-11-21 14:14 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211853
|
6.5 |
MEDIUM
Network
|
ok-file-formats_project
|
ok-file-formats
|
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23706
|
2024-11-21 14:14 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211854
|
6.5 |
MEDIUM
Network
|
rockcarry
|
ffjpeg
|
A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-23705
|
2024-11-21 14:14 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211855
|
9.8 |
CRITICAL
Network
|
radare
|
radare2-extras
|
A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24133
|
2024-11-21 14:14 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211856
|
4.8 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23702
|
2024-11-21 14:14 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211857
|
4.8 |
MEDIUM
Network
|
lavalite
|
lavalite
|
Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23700
|
2024-11-21 14:14 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211858
|
7.5 |
HIGH
Network
|
secondline
|
podcast_importer_secondline
|
Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-24149
|
2024-11-21 14:14 |
2021-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211859
|
9.1 |
CRITICAL
Network
|
mooveagency
|
import_xml_and_rss_feeds
|
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-24148
|
2024-11-21 14:14 |
2021-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211860
|
9.1 |
CRITICAL
Network
|
xylusthemes
|
wp_smart_import
|
Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-24147
|
2024-11-21 14:14 |
2021-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
