|
200451
|
8.0 |
HIGH
Network
|
litecart
|
litecart
|
LiteCart through 2.2.1 allows CSV injection via a customer's profile.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-9017
|
2024-11-21 14:39 |
2020-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200452
|
9.8 |
CRITICAL
Network
|
opensmtpd
canonical
fedoraproject
debian
|
opensmtpd
ubuntu_linux
fedora
debian_linux
|
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTP…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-8794
|
2024-11-21 14:39 |
2020-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200453
|
4.7 |
MEDIUM
Local
|
opensmtpd
fedoraproject
canonical
|
opensmtpd
fedora
ubuntu_linux
|
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offl…
|
CWE-426
CWE-367
Untrusted Search Path
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-8793
|
2024-11-21 14:39 |
2020-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200454
|
8.1 |
HIGH
Network
|
cardgate
|
cardgate_payments
|
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attack…
|
CWE-346
Origin Validation Error
|
CVE-2020-8819
|
2024-11-21 14:39 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200455
|
8.1 |
HIGH
Network
|
cardgate
adobe
|
cardgate_payments
magento
|
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows a…
|
CWE-346
Origin Validation Error
|
CVE-2020-8818
|
2024-11-21 14:39 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200456
|
9.8 |
CRITICAL
Network
|
couchbase
|
couchbase_server
|
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticat…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-9039
|
2024-11-21 14:39 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200457
|
8.8 |
HIGH
Network
|
cacti
fedoraproject
opmantek
opensuse
debian
|
cacti
fedora
open-audit
suse_package_hub
debian_linux
|
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
|
CWE-78
OS Command
|
CVE-2020-8813
|
2024-11-21 14:39 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200458
|
8.8 |
HIGH
Adjacent
|
dlink
|
dap-2610_firmware
|
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this …
|
CWE-287
Improper Authentication
|
CVE-2020-8862
|
2024-11-21 14:39 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200459
|
8.8 |
HIGH
Adjacent
|
dlink
|
dap-1330_firmware
|
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploi…
|
CWE-287
Improper Authentication
|
CVE-2020-8861
|
2024-11-21 14:39 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200460
|
8.0 |
HIGH
Adjacent
|
google
|
android
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-8860
|
2024-11-21 14:39 |
2020-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
