|
201811
|
5.5 |
MEDIUM
Local
|
apt-cacher-ng_project
debian
opensuse
|
apt-cacher-ng
debian_linux
leap
backports
|
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via …
|
NVD-CWE-noinfo
|
CVE-2020-5202
|
2024-11-21 14:33 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201812
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
hospital_management_system
|
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5193
|
2024-11-21 14:33 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201813
|
8.1 |
HIGH
Network
|
cerberusftp
|
ftp_server
|
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permis…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-5196
|
2024-11-21 14:33 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201814
|
5.4 |
MEDIUM
Network
|
cerberusftp
|
ftp_server
|
The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification o…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-5194
|
2024-11-21 14:33 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201815
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
|
CWE-200
Information Exposure
|
CVE-2020-5197
|
2024-11-21 14:33 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201816
|
7.8 |
HIGH
Local
|
sparklabs
|
viscosity
|
Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading t…
|
NVD-CWE-noinfo
|
CVE-2020-5180
|
2024-11-21 14:33 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201817
|
6.1 |
MEDIUM
Network
|
cerberusftp
|
ftp_server
|
Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5195
|
2024-11-21 14:33 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201818
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
dairy_farm_shop_management_system
|
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5308
|
2024-11-21 14:33 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201819
|
5.4 |
MEDIUM
Network
|
powauth
|
pow
|
In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a d…
|
CWE-384
Session Fixation
|
CVE-2020-5205
|
2024-11-21 14:33 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201820
|
7.5 |
HIGH
Network
|
ftpgetter
|
ftpgetter
|
FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a …
|
CWE-787
CWE-476
Out-of-bounds Write
NULL Pointer Dereference
|
CVE-2020-5183
|
2024-11-21 14:33 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
