|
198641
|
5.5 |
MEDIUM
Local
|
faststone
|
image_viewer
|
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-35843
|
2024-11-21 14:28 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198642
|
6.1 |
MEDIUM
Network
|
persis
|
human_resource_management_portal
|
The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the "Recommend job posting" function is enabled, al…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35753
|
2024-11-21 14:28 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198643
|
9.8 |
CRITICAL
Network
|
kaspersky
|
tinycheck
|
In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker fo…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-35929
|
2024-11-21 14:28 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198644
|
7.5 |
HIGH
Network
|
php
fedoraproject
debian
drupal
|
archive_tar
fedora
debian_linux
drupal
|
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
|
CWE-22
CWE-59
Path Traversal
Link Following
|
CVE-2020-36193
|
2024-11-21 14:28 |
2021-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198645
|
7.7 |
HIGH
Network
|
presstigers
|
simple_board_job
|
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files …
|
CWE-22
Path Traversal
|
CVE-2020-35749
|
2024-11-21 14:28 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198646
|
5.4 |
MEDIUM
Network
|
foliovision
|
fv_flowplayer_video_player
|
Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35748
|
2024-11-21 14:28 |
2021-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198647
|
5.3 |
MEDIUM
Network
|
mantisbt
|
source_integration
|
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private …
|
NVD-CWE-noinfo
|
CVE-2020-36192
|
2024-11-21 14:28 |
2021-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198648
|
4.5 |
MEDIUM
Network
|
jupyter
|
jupyterhub
|
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
|
CWE-352
Origin Validation Error
|
CVE-2020-36191
|
2024-11-21 14:28 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198649
|
6.1 |
MEDIUM
Network
|
rails_admin_project
|
rails_admin
|
RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36190
|
2024-11-21 14:28 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198650
|
7.5 |
HIGH
Network
|
socket
|
socket.io-parser
|
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-36049
|
2024-11-21 14:28 |
2021-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
