|
208331
|
6.1 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27608
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208332
|
6.5 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to …
|
NVD-CWE-noinfo
|
CVE-2020-27607
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208333
|
5.3 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its…
|
NVD-CWE-Other
|
CVE-2020-27606
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208334
|
9.8 |
CRITICAL
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."
|
NVD-CWE-Other
|
CVE-2020-27605
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208335
|
6.5 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With t…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2020-27604
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208336
|
7.5 |
HIGH
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.
|
NVD-CWE-noinfo
|
CVE-2020-27603
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208337
|
7.5 |
HIGH
Network
|
easy-parse_project
|
easy-parse
|
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.
|
CWE-611
XXE
|
CVE-2020-26710
|
2024-11-21 14:20 |
2023-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208338
|
4.9 |
MEDIUM
Network
|
phpgurukul
|
hospital_management_system
|
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization…
|
CWE-89
SQL Injection
|
CVE-2020-26630
|
2024-11-21 14:20 |
2024-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208339
|
9.8 |
CRITICAL
Network
|
phpgurukul
|
hospital_management_system
|
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26629
|
2024-11-21 14:20 |
2024-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208340
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
hospital_management_system
|
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26628
|
2024-11-21 14:20 |
2024-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
