| 209001 | 7.5 | HIGH Network | golang fedoraproject netapp | go fedora trident cloud_insights_telegraf_agent | Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | CWE-295 Improper Certificate Validation | CVE-2020-28362 | 2024-11-21 14:22 | 2020-11-19 |
| 209002 | 7.5 | HIGH Network | cxuu | cxuucms | cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. | CWE-89 SQL Injection | CVE-2020-28091 | 2024-11-21 14:22 | 2020-11-19 |
| 209003 | 6.5 | MEDIUM Network | tp-link | tl-wpa4220_firmware | httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admi… | CWE-120 Classic Buffer Overflow | CVE-2020-28005 | 2024-11-21 14:22 | 2020-11-19 |
| 209004 | 5.4 | MEDIUM Network | kamailio | kamailio | Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. … | CWE-444 HTTP Request Smuggling | CVE-2020-28361 | 2024-11-21 14:22 | 2020-11-18 |
| 209005 | 9.8 | CRITICAL Network | water_billing_system_project | water_billing_system | SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php. | CWE-89 SQL Injection | CVE-2020-28183 | 2024-11-21 14:22 | 2020-11-18 |
| 209006 | 6.1 | MEDIUM Network | pescms | pescms_team | PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id= | CWE-79 Cross-site Scripting | CVE-2020-28092 | 2024-11-21 14:22 | 2020-11-18 |
| 209007 | 9.8 | CRITICAL Network | online_library_management_system_project | online_library_management_system | An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add be… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-28130 | 2024-11-21 14:22 | 2020-11-18 |
| 209008 | 6.1 | MEDIUM Network | adrianmercurio | gym_management_system | Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields… | CWE-79 Cross-site Scripting | CVE-2020-28129 | 2024-11-21 14:22 | 2020-11-18 |
| 209009 | 8.8 | HIGH Network | phpgurukul | tourism_management_system | An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-28136 | 2024-11-21 14:22 | 2020-11-18 |
| 209010 | 9.8 | CRITICAL Network | simple_grocery_store_sales_and_inventory_sales_project | simple_grocery_store_sales_and_inventory_system | An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges … | CWE-89 SQL Injection | CVE-2020-28133 | 2024-11-21 14:22 | 2020-11-18 |