|
197241
|
4.4 |
MEDIUM
Network
|
privatebin
|
privatebin
|
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a per…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5223
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197242
|
7.2 |
HIGH
Network
|
troglobit
|
uftpd
|
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesys…
|
CWE-22
Path Traversal
|
CVE-2020-5221
|
2024-11-21 14:33 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197243
|
5.5 |
MEDIUM
Local
|
apt-cacher-ng_project
debian
opensuse
|
apt-cacher-ng
debian_linux
leap
backports
|
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via …
|
NVD-CWE-noinfo
|
CVE-2020-5202
|
2024-11-21 14:33 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197244
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
hospital_management_system
|
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5193
|
2024-11-21 14:33 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197245
|
8.1 |
HIGH
Network
|
cerberusftp
|
ftp_server
|
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permis…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-5196
|
2024-11-21 14:33 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197246
|
5.4 |
MEDIUM
Network
|
cerberusftp
|
ftp_server
|
The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification o…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-5194
|
2024-11-21 14:33 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197247
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
|
CWE-200
Information Exposure
|
CVE-2020-5197
|
2024-11-21 14:33 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197248
|
7.8 |
HIGH
Local
|
sparklabs
|
viscosity
|
Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading t…
|
NVD-CWE-noinfo
|
CVE-2020-5180
|
2024-11-21 14:33 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197249
|
6.1 |
MEDIUM
Network
|
cerberusftp
|
ftp_server
|
Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5195
|
2024-11-21 14:33 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197250
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
dairy_farm_shop_management_system
|
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5308
|
2024-11-21 14:33 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
