|
201061
|
8.1 |
HIGH
Network
|
thoughtbot
|
administrate
|
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present …
|
CWE-89
SQL Injection
|
CVE-2020-5257
|
2024-11-21 14:33 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201062
|
9.8 |
CRITICAL
Network
|
fatfreeframework
|
fat-free_framework
|
In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method.
|
CWE-94
CWE-20
Code Injection
Improper Input Validation
|
CVE-2020-5203
|
2024-11-21 14:33 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201063
|
8.6 |
HIGH
Network
|
linuxfoundation
|
dojox
|
In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language co…
|
CWE-74
Injection
|
CVE-2020-5259
|
2024-11-21 14:33 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201064
|
7.7 |
HIGH
Network
|
linuxfoundation
debian
oracle
|
dojo
debian_linux
webcenter_sites
primavera_unifier
communications_policy_management
weblogic_server
mysql
communications_pricing_design_center
documaker
communications_app…
|
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language …
|
-
|
CVE-2020-5258
|
2024-11-21 14:33 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201065
|
8.1 |
HIGH
Network
|
nethack
|
nethack
|
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-5254
|
2024-11-21 14:33 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201066
|
9.8 |
CRITICAL
Network
|
nethack
|
nethack
|
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
|
CWE-269
Improper Privilege Management
|
CVE-2020-5253
|
2024-11-21 14:33 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201067
|
7.8 |
HIGH
Local
|
dell
|
digital_delivery
|
Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-5342
|
2024-11-21 14:33 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201068
|
8.8 |
HIGH
Network
|
bookstackapp
|
bookstack
|
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-5256
|
2024-11-21 14:33 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201069
|
9.8 |
CRITICAL
Network
|
dell
|
emc_isilon_onefs
|
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked a…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-5328
|
2024-11-21 14:33 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201070
|
9.8 |
CRITICAL
Network
|
dell
|
security_management_server
|
Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabl…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-5327
|
2024-11-21 14:33 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
