|
212091
|
8.8 |
HIGH
Network
|
beeline
|
smart_box_firmware
|
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute tra…
|
CWE-78
OS Command
|
CVE-2020-12246
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212092
|
7.5 |
HIGH
Network
|
onkyo
|
tx-nr585_firmware
|
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as d…
|
CWE-22
Path Traversal
|
CVE-2020-12447
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212093
|
9.8 |
CRITICAL
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequen…
|
CWE-22
Path Traversal
|
CVE-2020-12443
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212094
|
9.8 |
CRITICAL
Network
|
ivanti
|
avalanche
|
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.
|
CWE-89
SQL Injection
|
CVE-2020-12442
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212095
|
5.4 |
MEDIUM
Network
|
opmantek
|
open-audit
|
Open-AudIT 3.3.0 allows an XSS attack after login.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12261
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212096
|
7.7 |
HIGH
Network
|
tiny_file_manager_project
|
tiny_file_manager
|
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scop…
|
CWE-22
Path Traversal
|
CVE-2020-12103
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212097
|
5.4 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor …
|
CWE-79
Cross-site Scripting
|
CVE-2020-12438
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212098
|
7.7 |
HIGH
Network
|
tiny_file_manager_project
|
tiny_file_manager
|
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the fi…
|
CWE-22
Path Traversal
|
CVE-2020-12102
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212099
|
6.5 |
MEDIUM
Network
|
redhat
|
libvirt
enterprise_linux
|
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is respons…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-12430
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212100
|
9.8 |
CRITICAL
Network
|
phpgurukul
|
online_course_registration
|
Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_a…
|
CWE-89
SQL Injection
|
CVE-2020-12429
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
