|
214571
|
7.5 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-10238
|
2024-11-21 13:55 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214572
|
9.8 |
CRITICAL
Network
|
control-webpanel
|
webpanel
|
CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.
|
CWE-89
SQL Injection
|
CVE-2020-10230
|
2024-11-21 13:55 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214573
|
8.8 |
HIGH
Network
|
atutor
|
acontent
|
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10557
|
2024-11-21 13:55 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214574
|
9.1 |
CRITICAL
Network
|
styria
|
django-rest-framework-json_web_tokens
|
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blackli…
|
CWE-287
Improper Authentication
|
CVE-2020-10594
|
2024-11-21 13:55 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214575
|
7.5 |
HIGH
Network
|
walmart
|
concord
|
An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows r…
|
NVD-CWE-noinfo
|
CVE-2020-10591
|
2024-11-21 13:55 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214576
|
7.8 |
HIGH
Local
|
v2rayl_project
|
v2rayl
|
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is resta…
|
CWE-269
Improper Privilege Management
|
CVE-2020-10589
|
2024-11-21 13:55 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214577
|
7.8 |
HIGH
Local
|
v2rayl_project
|
v2rayl
|
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo.
|
CWE-269
Improper Privilege Management
|
CVE-2020-10588
|
2024-11-21 13:55 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214578
|
7.8 |
HIGH
Local
|
antixlinux
mxlinux
|
antix_linux
mx_linux
|
antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration.
|
NVD-CWE-noinfo
|
CVE-2020-10587
|
2024-11-21 13:55 |
2020-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214579
|
7.5 |
HIGH
Network
|
q-cms
|
qcms
|
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.
|
NVD-CWE-noinfo
|
CVE-2020-10578
|
2024-11-21 13:55 |
2020-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214580
|
4.8 |
MEDIUM
Network
|
meetecho
|
janus
|
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions.
|
CWE-362
Race Condition
|
CVE-2020-10577
|
2024-11-21 13:55 |
2020-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
