|
199331
|
8.8 |
HIGH
Network
|
fortinet
|
fortideceptor
|
An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vuln…
|
CWE-78
OS Command
|
CVE-2020-29017
|
2024-11-21 14:23 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199332
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortiweb
|
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentiall…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29016
|
2024-11-21 14:23 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199333
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortiweb
|
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by send…
|
CWE-89
SQL Injection
|
CVE-2020-29015
|
2024-11-21 14:23 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199334
|
6.1 |
MEDIUM
Network
|
stockdio
|
stockdio_historical_chart
|
The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ b…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28707
|
2024-11-21 14:23 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199335
|
7.2 |
HIGH
Network
|
monocms
|
monocms
|
MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/[foldername]/index.php cau…
|
NVD-CWE-noinfo
|
CVE-2020-28672
|
2024-11-21 14:23 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199336
|
5.3 |
MEDIUM
Network
|
sesame-system
|
web-sesame
|
A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScrip…
|
NVD-CWE-noinfo
|
CVE-2020-29041
|
2024-11-21 14:23 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199337
|
5.5 |
MEDIUM
Local
|
drivergenius
|
drivergenius_firmware
|
MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1.
|
NVD-CWE-noinfo
|
CVE-2020-28841
|
2024-11-21 14:23 |
2021-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199338
|
7.5 |
HIGH
Network
|
golang
|
text
|
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accep…
|
CWE-129
Improper Validation of Array Index
|
CVE-2020-28852
|
2024-11-21 14:23 |
2021-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199339
|
7.5 |
HIGH
Network
|
golang
|
go
|
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language …
|
CWE-129
Improper Validation of Array Index
|
CVE-2020-28851
|
2024-11-21 14:23 |
2021-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199340
|
5.4 |
MEDIUM
Network
|
egavilanmedia
|
user_registration_and_login_system_with_admin_panel
|
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the …
|
CWE-79
Cross-site Scripting
|
CVE-2020-29231
|
2024-11-21 14:23 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
