|
214781
|
8.8 |
HIGH
Network
|
phproject
|
phproject
|
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-11011
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214782
|
8.8 |
HIGH
Network
|
foxitsoftware
|
phantompdf
reader
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the …
|
CWE-352
Origin Validation Error
|
CVE-2020-10892
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214783
|
7.8 |
HIGH
Local
|
foxitsoftware
|
phantompdf
reader
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the …
|
CWE-843
Type Confusion
|
CVE-2020-10891
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214784
|
8.8 |
HIGH
Network
|
foxitsoftware
|
phantompdf
reader
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the …
|
CWE-352
Origin Validation Error
|
CVE-2020-10890
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214785
|
7.8 |
HIGH
Local
|
foxitsoftware
|
phantompdf
reader
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the …
|
CWE-843
Type Confusion
|
CVE-2020-10889
|
2024-11-21 13:56 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214786
|
7.5 |
HIGH
Network
|
git-scm
debian
canonical
fedoraproject
|
git
debian_linux
ubuntu_linux
fedora
|
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-11008
|
2024-11-21 13:56 |
2020-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214787
|
8.8 |
HIGH
Network
|
vestacp
|
vesta_control_panel
|
An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).
|
NVD-CWE-noinfo
|
CVE-2020-10787
|
2024-11-21 13:56 |
2020-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214788
|
8.8 |
HIGH
Network
|
vestacp
|
vesta_control_panel
|
A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.
|
CWE-863
Incorrect Authorization
|
CVE-2020-10786
|
2024-11-21 13:56 |
2020-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214789
|
8.8 |
HIGH
Network
|
tortoise_orm_project
|
tortoise_orm
|
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only…
|
CWE-89
SQL Injection
|
CVE-2020-11010
|
2024-11-21 13:56 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214790
|
5.4 |
MEDIUM
Network
|
zulip
|
zulip_server
|
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10935
|
2024-11-21 13:56 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
