|
209201
|
7.5 |
HIGH
Network
|
trendmicro
|
worry-free_business_security
|
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability a…
|
CWE-22
Path Traversal
|
CVE-2020-28574
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209202
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.
|
NVD-CWE-noinfo
|
CVE-2020-28572
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209203
|
7.5 |
HIGH
Network
|
golang
|
go
|
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
|
CWE-94
Code Injection
|
CVE-2020-28367
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209204
|
7.5 |
HIGH
Network
|
golang
fedoraproject
netapp
|
go
fedora
trident
cloud_insights_telegraf_agent
|
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
|
CWE-94
Code Injection
|
CVE-2020-28366
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209205
|
7.5 |
HIGH
Network
|
golang
fedoraproject
netapp
|
go
fedora
trident
cloud_insights_telegraf_agent
|
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-28362
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209206
|
7.5 |
HIGH
Network
|
cxuu
|
cxuucms
|
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.
|
CWE-89
SQL Injection
|
CVE-2020-28091
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209207
|
6.5 |
MEDIUM
Network
|
tp-link
|
tl-wpa4220_firmware
|
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admi…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-28005
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209208
|
5.4 |
MEDIUM
Network
|
kamailio
|
kamailio
|
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. …
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-28361
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209209
|
9.8 |
CRITICAL
Network
|
water_billing_system_project
|
water_billing_system
|
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
|
CWE-89
SQL Injection
|
CVE-2020-28183
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209210
|
6.1 |
MEDIUM
Network
|
pescms
|
pescms_team
|
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=
|
CWE-79
Cross-site Scripting
|
CVE-2020-28092
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
