|
211701
|
5.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
|
CWE-20
Improper Input Validation
|
CVE-2020-10240
|
2024-11-21 13:55 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211702
|
8.8 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
|
CWE-863
Incorrect Authorization
|
CVE-2020-10239
|
2024-11-21 13:55 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211703
|
7.5 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-10238
|
2024-11-21 13:55 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211704
|
9.8 |
CRITICAL
Network
|
control-webpanel
|
webpanel
|
CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.
|
CWE-89
SQL Injection
|
CVE-2020-10230
|
2024-11-21 13:55 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211705
|
8.8 |
HIGH
Network
|
atutor
|
acontent
|
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10557
|
2024-11-21 13:55 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211706
|
9.1 |
CRITICAL
Network
|
styria
|
django-rest-framework-json_web_tokens
|
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blackli…
|
CWE-287
Improper Authentication
|
CVE-2020-10594
|
2024-11-21 13:55 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211707
|
7.5 |
HIGH
Network
|
walmart
|
concord
|
An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows r…
|
NVD-CWE-noinfo
|
CVE-2020-10591
|
2024-11-21 13:55 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211708
|
7.8 |
HIGH
Local
|
v2rayl_project
|
v2rayl
|
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is resta…
|
CWE-269
Improper Privilege Management
|
CVE-2020-10589
|
2024-11-21 13:55 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211709
|
7.8 |
HIGH
Local
|
v2rayl_project
|
v2rayl
|
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo.
|
CWE-269
Improper Privilege Management
|
CVE-2020-10588
|
2024-11-21 13:55 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211710
|
7.8 |
HIGH
Local
|
antixlinux
mxlinux
|
antix_linux
mx_linux
|
antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration.
|
NVD-CWE-noinfo
|
CVE-2020-10587
|
2024-11-21 13:55 |
2020-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
