| 209711 | 7.2 | HIGH, Network | maracms | maracms | An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request t… | CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2020-25042 | 2024-11-21 14:16 | 2020-09-4 |
| 209712 | 7.2 | HIGH, Network | autoptimize | autoptimize | The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PH… | CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2020-24948 | 2024-11-21 14:16 | 2020-09-4 |
| 209713 | 5.5 | MEDIUM, Local | midnightbsd freebsd | midnightbsd freebsd | A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger … | CWE-787: Out-of-bounds Write | CVE-2020-24863 | 2024-11-21 14:16 | 2020-09-4 |
| 209714 | 8.8 | HIGH, Network | php-fusion | php-fusion | Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). | NVD-CWE-noinfo | CVE-2020-24949 | 2024-11-21 14:16 | 2020-09-3 |
| 209715 | 7.8 | HIGH, Local | kaspersky | security_center_web_console security_center | Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privi… | CWE-427: Uncontrolled Search Path Element | CVE-2020-25045 | 2024-11-21 14:16 | 2020-09-3 |
| 209716 | 7.1 | HIGH, Local | kaspersky | virus_removal_tool | Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system. | NVD-CWE-noinfo | CVE-2020-25044 | 2024-11-21 14:16 | 2020-09-3 |
| 209717 | 7.1 | HIGH, Local | kaspersky | vpn_secure_connection | The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system. | NVD-CWE-noinfo | CVE-2020-25043 | 2024-11-21 14:16 | 2020-09-3 |
| 209718 | 4.3 | MEDIUM, Network | derhansen | event_management_and_registration | The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Br… | NVD-CWE-noinfo | CVE-2020-25026 | 2024-11-21 14:16 | 2020-09-3 |
| 209719 | 4.3 | MEDIUM, Network | localization_manager_project | localization_manager | The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields). | CWE-863: Incorrect Authorization | CVE-2020-25025 | 2024-11-21 14:16 | 2020-09-3 |
| 209720 | 7.8 | HIGH, Local | superantispyware | professional_x | SUPERAntiSpyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via… | CWE-59: Link Following | CVE-2020-24955 | 2024-11-21 14:16 | 2020-09-2 |