|
209841
|
9.8 |
CRITICAL
Network
|
stock_management_system_project
|
stock_management_system
|
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter.
|
CWE-89
SQL Injection
|
CVE-2020-24197
|
2024-11-21 14:14 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209842
|
6.1 |
MEDIUM
Network
|
daily_tracker_system_project
|
daily_tracker_system
|
A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2020-24194
|
2024-11-21 14:14 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209843
|
9.8 |
CRITICAL
Network
|
silk-v3-decoder_project
|
silk-v3-decoder
|
The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow.
|
CWE-119
CWE-20
Incorrect Access of Indexable Resource ('Range Error')
Improper Input Validation
|
CVE-2020-24074
|
2024-11-21 14:14 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209844
|
7.8 |
HIGH
Local
|
realtimelogic
|
barracudadrive
|
Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When th…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-23834
|
2024-11-21 14:14 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209845
|
9.8 |
CRITICAL
Network
|
daily_tracker_system_project
|
daily_tracker_system
|
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter.
|
CWE-89
SQL Injection
|
CVE-2020-24193
|
2024-11-21 14:14 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209846
|
7.8 |
HIGH
Local
|
tencent
|
tencent
|
The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-24162
|
2024-11-21 14:14 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209847
|
7.8 |
HIGH
Local
|
163
|
netease_mail_master
|
Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-24161
|
2024-11-21 14:14 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209848
|
7.8 |
HIGH
Local
|
tencent
|
tim
|
Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-24160
|
2024-11-21 14:14 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209849
|
7.8 |
HIGH
Local
|
163
|
netease_youdao_dictionary
|
NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-24159
|
2024-11-21 14:14 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209850
|
7.8 |
HIGH
Local
|
360
|
speed_browser
|
360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-24158
|
2024-11-21 14:14 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
