|
209621
|
5.4 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter Pa…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25798
|
2024-11-21 14:18 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209622
|
4.6 |
MEDIUM
Physics
|
resourcexpress
|
qubi3_firmware
|
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable),…
|
CWE-200
Information Exposure
|
CVE-2020-25746
|
2024-11-21 14:18 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209623
|
4.8 |
MEDIUM
Network
|
microfocus
|
idol
|
Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25833
|
2024-11-21 14:18 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209624
|
5.4 |
MEDIUM
Network
|
microfocus
|
filr
|
Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25832
|
2024-11-21 14:18 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209625
|
7.4 |
HIGH
Network
|
linux
redhat
|
linux_kernel
enterprise_linux
|
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Soft…
|
-
|
CVE-2020-25705
|
2024-11-21 14:18 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209626
|
5.4 |
MEDIUM
Network
|
microfocus
|
arcsight_logger
|
Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).
|
CWE-79
Cross-site Scripting
|
CVE-2020-25834
|
2024-11-21 14:18 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209627
|
8.8 |
HIGH
Network
|
postgresql
debian
|
postgresql
debian_linux
|
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at leas…
|
-
|
CVE-2020-25695
|
2024-11-21 14:18 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209628
|
8.1 |
HIGH
Network
|
postgresql
debian
|
postgresql
debian_linux
|
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections onl…
|
-
|
CVE-2020-25694
|
2024-11-21 14:18 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209629
|
8.8 |
HIGH
Network
|
cmsuno_project
|
cmsuno
|
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be ru…
|
CWE-94
Code Injection
|
CVE-2020-25557
|
2024-11-21 14:18 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209630
|
8.8 |
HIGH
Network
|
cmsuno_project
|
cmsuno
|
An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the contro…
|
CWE-94
Code Injection
|
CVE-2020-25538
|
2024-11-21 14:18 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
