|
211341
|
8.8 |
HIGH
Network
|
glpi-project
|
glpi
|
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a…
|
CWE-352
Origin Validation Error
|
CVE-2020-11060
|
2024-11-21 13:56 |
2020-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211342
|
8.6 |
HIGH
Network
|
simpleledger
|
slp-validate
|
In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow…
|
CWE-697
Incorrect Comparison
|
CVE-2020-11072
|
2024-11-21 13:56 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211343
|
8.6 |
HIGH
Network
|
simpleledger
|
slpjs
|
SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet c…
|
CWE-697
Incorrect Comparison
|
CVE-2020-11071
|
2024-11-21 13:56 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211344
|
8.8 |
HIGH
Network
|
pi-hole
|
pi-hole
|
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Al…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11108
|
2024-11-21 13:56 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211345
|
5.4 |
MEDIUM
Network
|
shopizer
|
shopizer
|
In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11006
|
2024-11-21 13:56 |
2020-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211346
|
8.0 |
HIGH
Adjacent
|
tp-link
|
tl-wa855re_firmware
|
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Al…
|
CWE-287
Improper Authentication
|
CVE-2020-10916
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211347
|
6.3 |
MEDIUM
Network
|
barrelstrengthdesign
|
sprout_forms
|
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This ha…
|
CWE-74
Injection
|
CVE-2020-11056
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211348
|
8.1 |
HIGH
Network
|
java-websocket_project
|
java-websocket
|
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched …
|
CWE-295
Improper Certificate Validation
|
CVE-2020-11050
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211349
|
7.2 |
HIGH
Network
|
gira
|
tks-ip-gateway_firmware
|
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access.
|
CWE-78
OS Command
|
CVE-2020-10795
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211350
|
9.8 |
CRITICAL
Network
|
gira
|
tks-ip-gateway_firmware
|
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root acce…
|
CWE-22
Path Traversal
|
CVE-2020-10794
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
