|
199821
|
4.8 |
MEDIUM
Network
|
dotcms
|
dotcms
|
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a sto…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35274
|
2024-11-21 14:27 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199822
|
8.0 |
HIGH
Network
|
egavilanmedia
|
user_registration_\&_login_system_with_admin_panel
|
EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any …
|
CWE-352
Origin Validation Error
|
CVE-2020-35273
|
2024-11-21 14:27 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199823
|
9.8 |
CRITICAL
Network
|
limitloginattempts
|
limit_login_attempts_reloaded
|
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When t…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-35590
|
2024-11-21 14:27 |
2020-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199824
|
5.4 |
MEDIUM
Network
|
limitloginattempts
|
limit_login_attempts_reloaded
|
The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35589
|
2024-11-21 14:27 |
2020-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199825
|
7.5 |
HIGH
Network
|
subconverter_project
|
subconverter
|
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the …
|
NVD-CWE-Other
|
CVE-2020-35579
|
2024-11-21 14:27 |
2020-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199826
|
7.5 |
HIGH
Network
|
postsrsd_project
debian
|
postsrsd
debian_linux
|
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
|
CWE-834
Excessive Iteration
|
CVE-2020-35573
|
2024-11-21 14:27 |
2020-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199827
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. T…
|
NVD-CWE-noinfo
|
CVE-2020-35555
|
2024-11-21 14:27 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199828
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020).
|
NVD-CWE-Other
|
CVE-2020-35554
|
2024-11-21 14:27 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199829
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. They allows attackers to cause a denial of service (unlock failure) by triggering a pow…
|
CWE-920
Improper Restriction of Power Consumption
|
CVE-2020-35553
|
2024-11-21 14:27 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199830
|
5.3 |
MEDIUM
Network
|
google
|
android
|
An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the …
|
NVD-CWE-noinfo
|
CVE-2020-35552
|
2024-11-21 14:27 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
