|
200001
|
5.8 |
MEDIUM
Network
|
twitter
|
secure_headers
|
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_s…
|
CWE-74
Injection
|
CVE-2020-5217
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200002
|
5.8 |
MEDIUM
Network
|
twitter
|
secure_headers
|
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_s…
|
CWE-74
Injection
|
CVE-2020-5216
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200003
|
4.4 |
MEDIUM
Network
|
privatebin
|
privatebin
|
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a per…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5223
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200004
|
7.2 |
HIGH
Network
|
troglobit
|
uftpd
|
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesys…
|
CWE-22
Path Traversal
|
CVE-2020-5221
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200005
|
5.5 |
MEDIUM
Local
|
apt-cacher-ng_project
debian
opensuse
|
apt-cacher-ng
debian_linux
leap
backports
|
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via …
|
NVD-CWE-noinfo
|
CVE-2020-5202
|
2024-11-21 14:33 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200006
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
hospital_management_system
|
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5193
|
2024-11-21 14:33 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200007
|
8.1 |
HIGH
Network
|
cerberusftp
|
ftp_server
|
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permis…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-5196
|
2024-11-21 14:33 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200008
|
5.4 |
MEDIUM
Network
|
cerberusftp
|
ftp_server
|
The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification o…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-5194
|
2024-11-21 14:33 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200009
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
|
CWE-200
Information Exposure
|
CVE-2020-5197
|
2024-11-21 14:33 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200010
|
7.8 |
HIGH
Local
|
sparklabs
|
viscosity
|
Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading t…
|
NVD-CWE-noinfo
|
CVE-2020-5180
|
2024-11-21 14:33 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
