| 209371 | 9.8 | CRITICAL Network | heybbs_project | heybbs | Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. | CWE-89 SQL Injection | CVE-2020-25005 | 2024-11-21 14:16 | 2020-09-4 |
| 209372 | 9.8 | CRITICAL Network | heybbs_project | heybbs | Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. | CWE-89 SQL Injection | CVE-2020-25004 | 2024-11-21 14:16 | 2020-09-4 |
| 209373 | 6.5 | MEDIUM Network | xmlsoft debian fedoraproject opensuse netapp oracle | libxml2 debian_linux fedora leap snapdrive clustered_data_ontap clustered_data_ontap_antivirus_connector active_iq_unified_manager manageability_software_development_kit in… | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | CWE-125 Out-of-bounds Read | CVE-2020-24977 | 2024-11-21 14:16 | 2020-09-4 |
| 209374 | 9.8 | CRITICAL Network | pancakeapp | pancake | Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation. | CWE-798 Use of Hard-coded Credentials | CVE-2020-24876 | 2024-11-21 14:16 | 2020-09-4 |
| 209375 | 7.2 | HIGH Network | maracms | maracms | An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request t… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-25042 | 2024-11-21 14:16 | 2020-09-4 |
| 209376 | 7.2 | HIGH Network | autoptimize | autoptimize | The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PH… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-24948 | 2024-11-21 14:16 | 2020-09-4 |
| 209377 | 5.5 | MEDIUM Local | midnightbsd freebsd | midnightbsd freebsd | A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger … | CWE-787 Out-of-bounds Write | CVE-2020-24863 | 2024-11-21 14:16 | 2020-09-4 |
| 209378 | 8.8 | HIGH Network | php-fusion | php-fusion | Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). | NVD-CWE-noinfo | CVE-2020-24949 | 2024-11-21 14:16 | 2020-09-3 |
| 209379 | 7.8 | HIGH Local | kaspersky | security_center_web_console security_center | Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privi… | CWE-427 Uncontrolled Search Path Element | CVE-2020-25045 | 2024-11-21 14:16 | 2020-09-3 |
| 209380 | 7.1 | HIGH Local | kaspersky | virus_removal_tool | Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system. | NVD-CWE-noinfo | CVE-2020-25044 | 2024-11-21 14:16 | 2020-09-3 |