|
220941
|
7.2 |
HIGH
Network
|
chadhaajay
|
phpkb
|
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.
|
CWE-94
Code Injection
|
CVE-2020-10389
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220942
|
5.4 |
MEDIUM
Network
|
chadhaajay
|
phpkb
|
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10388
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220943
|
4.9 |
MEDIUM
Network
|
chadhaajay
|
phpkb
|
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter fil…
|
CWE-22
Path Traversal
|
CVE-2020-10387
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220944
|
7.2 |
HIGH
Network
|
chadhaajay
|
phpkb
|
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10386
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220945
|
9.8 |
CRITICAL
Network
|
technicolor
|
tc7337net_firmware
|
Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-10376
|
2024-11-21 13:55 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220946
|
5.4 |
MEDIUM
Network
|
ramp
|
altimeter
|
Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10372
|
2024-11-21 13:55 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220947
|
9.0 |
CRITICAL
Network
|
samsung
micron
skhynix
|
lpddr4
ddr4
ddr4_sdram
|
Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass iss…
|
CWE-20
Improper Input Validation
|
CVE-2020-10255
|
2024-11-21 13:55 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220948
|
5.5 |
MEDIUM
Local
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-10251
|
2024-11-21 13:55 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220949
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because …
|
CWE-94
CWE-862
Code Injection
Missing Authorization
|
CVE-2020-10257
|
2024-11-21 13:55 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220950
|
9.8 |
CRITICAL
Network
|
meinbwa
|
direx-pro_firmware
|
BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3.
|
CWE-78
OS Command
|
CVE-2020-10250
|
2024-11-21 13:55 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
