|
208621
|
7.8 |
HIGH
Local
|
gpac
|
gpac
|
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-35979
|
2024-11-21 14:28 |
2021-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208622
|
9.8 |
CRITICAL
Network
|
qnap
|
qts
media_streaming_add-on
multimedia_console
|
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain applica…
|
CWE-89
SQL Injection
|
CVE-2020-36195
|
2024-11-21 14:28 |
2021-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208623
|
4.8 |
MEDIUM
Network
|
solarwinds
|
orion_platform
|
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35856
|
2024-11-21 14:28 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208624
|
5.3 |
MEDIUM
Network
|
redash
|
redash
|
Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks…
|
CWE-74
Injection
|
CVE-2020-36144
|
2024-11-21 14:28 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208625
|
5.4 |
MEDIUM
Network
|
baby_care_system_project
|
baby_care_system
|
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35752
|
2024-11-21 14:28 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208626
|
7.2 |
HIGH
Network
|
zenphoto
|
zenphoto
|
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag a…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-36079
|
2024-11-21 14:28 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208627
|
6.1 |
MEDIUM
Network
|
getgist
|
chatbox
|
Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35852
|
2024-11-21 14:28 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208628
|
6.5 |
MEDIUM
Network
|
digium
|
asterisk
|
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-35776
|
2024-11-21 14:28 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208629
|
7.5 |
HIGH
Network
|
online_book_store_project
|
online_book_store
|
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.
|
CWE-89
SQL Injection
|
CVE-2020-36003
|
2024-11-21 14:28 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208630
|
7.5 |
HIGH
Network
|
seat-reservation-system_project
|
seat-reservation-system
|
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information.
|
CWE-89
SQL Injection
|
CVE-2020-36002
|
2024-11-21 14:28 |
2021-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
