|
214711
|
4.8 |
MEDIUM
Network
|
chadhaajay
|
phpkb
|
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10393
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214712
|
4.8 |
MEDIUM
Network
|
chadhaajay
|
phpkb
|
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mar…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10392
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214713
|
4.8 |
MEDIUM
Network
|
chadhaajay
|
phpkb
|
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10391
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214714
|
7.2 |
HIGH
Network
|
chadhaajay
|
phpkb
|
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by savin…
|
CWE-78
OS Command
|
CVE-2020-10390
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214715
|
7.2 |
HIGH
Network
|
chadhaajay
|
phpkb
|
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.
|
CWE-94
Code Injection
|
CVE-2020-10389
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214716
|
5.4 |
MEDIUM
Network
|
chadhaajay
|
phpkb
|
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10388
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214717
|
4.9 |
MEDIUM
Network
|
chadhaajay
|
phpkb
|
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter fil…
|
CWE-22
Path Traversal
|
CVE-2020-10387
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214718
|
7.2 |
HIGH
Network
|
chadhaajay
|
phpkb
|
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10386
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214719
|
9.8 |
CRITICAL
Network
|
technicolor
|
tc7337net_firmware
|
Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-10376
|
2024-11-21 13:55 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214720
|
5.4 |
MEDIUM
Network
|
ramp
|
altimeter
|
Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10372
|
2024-11-21 13:55 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
