|
201211
|
5.4 |
MEDIUM
Network
|
simplesamlphp
|
simplesamlphp
|
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the r…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-5225
|
2024-11-21 14:33 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201212
|
8.8 |
HIGH
Network
|
django-user-sessions_project
|
django-user-sessions
|
In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rend…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2020-5224
|
2024-11-21 14:33 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201213
|
8.8 |
HIGH
Network
|
peerigon
|
angular-expressions
|
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. I…
|
CWE-74
Injection
|
CVE-2020-5219
|
2024-11-21 14:33 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201214
|
5.8 |
MEDIUM
Network
|
twitter
|
secure_headers
|
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_s…
|
CWE-74
Injection
|
CVE-2020-5217
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201215
|
5.8 |
MEDIUM
Network
|
twitter
|
secure_headers
|
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_s…
|
CWE-74
Injection
|
CVE-2020-5216
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201216
|
4.4 |
MEDIUM
Network
|
privatebin
|
privatebin
|
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a per…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5223
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201217
|
7.2 |
HIGH
Network
|
troglobit
|
uftpd
|
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesys…
|
CWE-22
Path Traversal
|
CVE-2020-5221
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201218
|
5.5 |
MEDIUM
Local
|
apt-cacher-ng_project
debian
opensuse
|
apt-cacher-ng
debian_linux
leap
backports
|
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via …
|
NVD-CWE-noinfo
|
CVE-2020-5202
|
2024-11-21 14:33 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201219
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
hospital_management_system
|
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5193
|
2024-11-21 14:33 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201220
|
8.1 |
HIGH
Network
|
cerberusftp
|
ftp_server
|
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permis…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-5196
|
2024-11-21 14:33 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
