|
200021
|
4.3 |
MEDIUM
Network
|
php-fusion
|
phpfusion
|
PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.
|
CWE-352
Origin Validation Error
|
CVE-2020-35687
|
2024-11-21 14:27 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200022
|
7.8 |
HIGH
Local
|
soundresearch
|
dchu_model_software_component_modules
|
The SECOMN service in Sound Research DCHU model software component modules (APO) through 2.0.9.17, delivered on HP Windows 10 computers, may allow escalation of privilege via a fake DLL. (As a resolu…
|
CWE-426
Untrusted Search Path
|
CVE-2020-35686
|
2024-11-21 14:27 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200023
|
7.8 |
HIGH
Local
|
clusterlabs
debian
|
crmsh
debian_linux
|
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history co…
|
CWE-78
OS Command
|
CVE-2020-35459
|
2024-11-21 14:27 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200024
|
9.8 |
CRITICAL
Network
|
clusterlabs
|
hawk
|
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout rout…
|
CWE-78
OS Command
|
CVE-2020-35458
|
2024-11-21 14:27 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200025
|
5.4 |
MEDIUM
Network
|
python
fedoraproject
|
pillow
fedora
|
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-35655
|
2024-11-21 14:27 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200026
|
8.8 |
HIGH
Network
|
python
fedoraproject
|
pillow
fedora
|
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-35654
|
2024-11-21 14:27 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200027
|
7.1 |
HIGH
Network
|
python
fedoraproject
debian
|
pillow
fedora
debian_linux
|
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-35653
|
2024-11-21 14:27 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200028
|
8.8 |
HIGH
Network
|
cacti
fedoraproject
|
cacti
fedora
|
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id paramete…
|
CWE-89
SQL Injection
|
CVE-2020-35701
|
2024-11-21 14:27 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200029
|
7.8 |
HIGH
Local
|
anydesk
|
anydesk
|
AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-35483
|
2024-11-21 14:27 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200030
|
5.4 |
MEDIUM
Network
|
quest
|
policy_authority_for_unified_communications
|
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOT…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35727
|
2024-11-21 14:27 |
2021-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
