|
197851
|
9.8 |
CRITICAL
Network
|
cayintech
|
xpost
|
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being ret…
|
CWE-89
SQL Injection
|
CVE-2020-7356
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197852
|
8.4 |
HIGH
Local
|
mcafee
|
total_protection
|
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.
|
NVD-CWE-noinfo
|
CVE-2020-7298
|
2024-11-21 14:37 |
2020-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197853
|
8.8 |
HIGH
Local
|
gog
|
galaxy
|
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with thi…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-7352
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197854
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7823
|
2024-11-21 14:37 |
2020-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197855
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7822
|
2024-11-21 14:37 |
2020-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197856
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7829
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197857
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7828
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197858
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and …
|
CWE-416
Use After Free
|
CVE-2020-7827
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197859
|
9.8 |
CRITICAL
Network
|
express-fileupload_project
netapp
|
express-fileupload
max_data
|
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7699
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197860
|
9.8 |
CRITICAL
Network
|
gerapy
|
gerapy
|
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized.
|
CWE-78
OS Command
|
CVE-2020-7698
|
2024-11-21 14:37 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
