|
210261
|
4.8 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript …
|
CWE-79
Cross-site Scripting
|
CVE-2020-25830
|
2024-11-21 14:18 |
2020-10-1 |
|
210262
|
4.3 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these note…
|
CWE-862
Missing Authorization
|
CVE-2020-25781
|
2024-11-21 14:18 |
2020-10-1 |
|
210263
|
6.8 |
MEDIUM
Network
|
hashicorp
|
vault
|
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.…
|
NVD-CWE-noinfo
|
CVE-2020-25816
|
2024-11-21 14:18 |
2020-10-1 |
|
210264
|
6.1 |
MEDIUM
Network
|
encode redhat debian
|
django_rest_framework ceph_storage debian_linux
|
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come …
|
CWE-79
Cross-site Scripting
|
CVE-2020-25626
|
2024-11-21 14:18 |
2020-10-1 |
|
210265
|
9.8 |
CRITICAL
Network
|
seat_reservation_system_project
|
seat_reservation_system
|
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-25763
|
2024-11-21 14:18 |
2020-10-1 |
|
210266
|
9.1 |
CRITICAL
Network
|
seat_reservation_system_project
|
seat_reservation_system
|
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicio…
|
CWE-89
SQL Injection
|
CVE-2020-25762
|
2024-11-21 14:18 |
2020-10-1 |
|
210267
|
6.1 |
MEDIUM
Network
|
projectworlds
|
visitor_management_system_in_php
|
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject JavaScript payloads in the param…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25761
|
2024-11-21 14:18 |
2020-10-1 |
|
210268
|
8.8 |
HIGH
Network
|
projectworlds
|
visitor_management_system_in_php
|
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input t…
|
CWE-89
SQL Injection
|
CVE-2020-25760
|
2024-11-21 14:18 |
2020-10-1 |
|
210269
|
6.3 |
MEDIUM
Local
|
trendmicro
|
antivirus\+_2020 internet_security_2020 maximum_security_2020 premium_security_2020
|
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate th…
|
CWE-362
Race Condition
|
CVE-2020-25775
|
2024-11-21 14:18 |
2020-09-29 |
|
210270
|
4.3 |
MEDIUM
Network
|
trendmicro
|
apex_one
|
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds read information disclosure which would disclose sensitive information to …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-25774
|
2024-11-21 14:18 |
2020-09-29 |