|
199731
|
9.8 |
CRITICAL
Network
|
alumni_management_system_project
|
alumni_management_system
|
SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter.
|
CWE-89
SQL Injection
|
CVE-2020-28070
|
2024-11-21 14:22 |
2020-12-24 |
|
199732
|
8.1 |
HIGH
Network
|
multi-ini_project
|
multi-ini
|
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-28460
|
2024-11-21 14:22 |
2020-12-22 |
|
199733
|
9.8 |
CRITICAL
Network
|
multi-ini_project
|
multi-ini
|
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-28448
|
2024-11-21 14:22 |
2020-12-22 |
|
199734
|
8.1 |
HIGH
Network
|
bouncycastle apache oracle
|
legion-of-the-bouncy-castle-java-crytography-api karaf peoplesoft_enterprise_peopletools webcenter_portal utilities_framework banking_extensibility_workbench banking_virtual_account…
|
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect pas…
|
NVD-CWE-Other
|
CVE-2020-28052
|
2024-11-21 14:22 |
2020-12-18 |
|
199735
|
7.3 |
HIGH
Network
|
datatables
|
datatables.net
|
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-28458
|
2024-11-21 14:22 |
2020-12-16 |
|
199736
|
7.2 |
HIGH
Network
|
alumni_management_system_project
|
alumni_management_system
|
A Remote Code Execution vulnerability exists in SourceCodester Alumni Management System 1.0. An authenticated attacker can upload an arbitrary file in the gallery.php page and execute it on the server…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28072
|
2024-11-21 14:22 |
2020-12-16 |
|
199737
|
4.8 |
MEDIUM
Network
|
s-cart
|
s-cart
|
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28457
|
2024-11-21 14:22 |
2020-12-16 |
|
199738
|
6.1 |
MEDIUM
Network
|
s-cart
|
s-cart
|
The package s-cart/core before 4.4 is vulnerable to Cross-site Scripting (XSS) via the admin panel.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28456
|
2024-11-21 14:22 |
2020-12-16 |
|
199739
|
5.5 |
MEDIUM
Local
|
foxitsoftware
|
foxit_reader phantompdf
|
An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial …
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-28203
|
2024-11-21 14:22 |
2020-12-15 |
|
199740
|
9.8 |
CRITICAL
Network
|
js-data
|
js-data
|
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.
|
NVD-CWE-Other
|
CVE-2020-28442
|
2024-11-21 14:22 |
2020-12-15 |
|