|
198691
|
9.8 |
CRITICAL
Network
|
egavilanmedia
|
ecm_address_book
|
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.
|
CWE-89
SQL Injection
|
CVE-2020-35276
|
2024-11-21 14:27 |
2020-12-22 |
|
|
|
|
198692
|
5.4 |
MEDIUM
Network
|
coastercms
|
coastercms
|
Coastercms v5.8.18 is affected by cross-site scripting (XSS). A user can steal a cookie and redirect the user to any malicious website because it is triggered on the main home page of the product/…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35275
|
2024-11-21 14:27 |
2020-12-22 |
|
|
|
|
198693
|
4.8 |
MEDIUM
Network
|
dotcms
|
dotcms
|
DotCMS Add Template with admin panel 20.11 is affected by cross-site scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a sto…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35274
|
2024-11-21 14:27 |
2020-12-22 |
|
|
|
|
198694
|
8.0 |
HIGH
Network
|
egavilanmedia
|
user_registration_\&_login_system_with_admin_panel
|
EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any …
|
CWE-352
Origin Validation Error
|
CVE-2020-35273
|
2024-11-21 14:27 |
2020-12-22 |
|
|
|
|
198695
|
9.8 |
CRITICAL
Network
|
limitloginattempts
|
limit_login_attempts_reloaded
|
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When t…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-35590
|
2024-11-21 14:27 |
2020-12-21 |
|
|
|
|
198696
|
5.4 |
MEDIUM
Network
|
limitloginattempts
|
limit_login_attempts_reloaded
|
The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35589
|
2024-11-21 14:27 |
2020-12-21 |
|
|
|
|
198697
|
7.5 |
HIGH
Network
|
subconverter_project
|
subconverter
|
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the …
|
NVD-CWE-Other
|
CVE-2020-35579
|
2024-11-21 14:27 |
2020-12-20 |
|
|
|
|
198698
|
7.5 |
HIGH
Network
|
postsrsd_project debian
|
postsrsd debian_linux
|
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
|
CWE-834
Excessive Iteration
|
CVE-2020-35573
|
2024-11-21 14:27 |
2020-12-20 |
|
|
|
|
198699
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. T…
|
NVD-CWE-noinfo
|
CVE-2020-35555
|
2024-11-21 14:27 |
2020-12-18 |
|
|
|
|
198700
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020).
|
NVD-CWE-Other
|
CVE-2020-35554
|
2024-11-21 14:27 |
2020-12-18 |
|
|
|