|
210311
|
4.3 |
MEDIUM
Network
|
primekey
|
ejbca
|
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the r…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-28942
|
2024-11-21 14:23 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210312
|
6.1 |
MEDIUM
Network
|
palletsprojects
|
werkzeug
|
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
|
CWE-601
Open Redirect
|
CVE-2020-28724
|
2024-11-21 14:23 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210313
|
6.5 |
MEDIUM
Network
|
view_frontend_statistics_project
|
view_frontend_statistics
|
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-28917
|
2024-11-21 14:23 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210314
|
5.8 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-28915
|
2024-11-21 14:23 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210315
|
7.1 |
HIGH
Local
|
katacontainers
|
kata-containers
|
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the f…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-28914
|
2024-11-21 14:23 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210316
|
8.8 |
HIGH
Network
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql_project
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql
|
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28688
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210317
|
8.8 |
HIGH
Network
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql_project
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql
|
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28687
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210318
|
5.4 |
MEDIUM
Network
|
progress
|
moveit_transfer
|
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, …
|
CWE-79
Cross-site Scripting
|
CVE-2020-28647
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210319
|
8.8 |
HIGH
Network
|
horizontcms_project
|
horizontcms
|
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28693
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210320
|
7.2 |
HIGH
Network
|
gilacms
|
gila_cms
|
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28692
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
