|
210711
|
9.8 |
CRITICAL
Network
|
cmswing
|
cmswing
|
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
|
CWE-89
SQL Injection
|
CVE-2020-20295
|
2024-11-21 14:12 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210712
|
9.8 |
CRITICAL
Network
|
cmswing
|
cmswing
|
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
|
CWE-89
SQL Injection
|
CVE-2020-20294
|
2024-11-21 14:12 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210713
|
7.5 |
HIGH
Network
|
yccms
|
yccms
|
Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability.
|
CWE-22
Path Traversal
|
CVE-2020-20290
|
2024-11-21 14:12 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210714
|
9.8 |
CRITICAL
Network
|
yccms
|
yccms
|
Sql injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters, triggers a sql injection vulnerability.
|
CWE-89
SQL Injection
|
CVE-2020-20289
|
2024-11-21 14:12 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210715
|
4.8 |
MEDIUM
Network
|
rockoa
|
rockoa
|
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/inp…
|
CWE-79
Cross-site Scripting
|
CVE-2020-21147
|
2024-11-21 14:12 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210716
|
6.1 |
MEDIUM
Network
|
feehi
|
feehi_cms
|
Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-21146
|
2024-11-21 14:12 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210717
|
5.9 |
MEDIUM
Network
|
st
ietf
|
stm32cubemx
stm32cubeide
stm32cubeprogrammer
stm32cubemonitor
stm32cubel1
stm32cubel0
stm32cubel4
stm32cubel5
stm32cubef0
stm32cubef1
stm32cubef2
stm32cubef3
stm32…
|
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's orac…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-20949
|
2024-11-21 14:12 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210718
|
5.9 |
MEDIUM
Network
|
ietf
microchip
|
public_key_cryptography_standards_\#1
microchip_libraries_for_applications
|
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack …
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-20950
|
2024-11-21 14:12 |
2021-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210719
|
6.5 |
MEDIUM
Network
|
xiph.org
stepmania
|
libvorbis
stepmania
|
lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.
|
CWE-129
Improper Validation of Array Index
|
CVE-2020-20412
|
2024-11-21 14:12 |
2020-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210720
|
9.8 |
CRITICAL
Network
|
seacms
|
seacms
|
SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.
|
CWE-89
SQL Injection
|
CVE-2020-21378
|
2024-11-21 14:12 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
