|
208811
|
7.2 |
HIGH
Network
|
sem-cms
|
semcms
|
File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-23564
|
2024-11-21 14:13 |
2023-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208812
|
7.5 |
HIGH
Network
|
insightsoftware
|
jreport
|
Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information.
|
CWE-22
Path Traversal
|
CVE-2020-22623
|
2024-11-21 14:13 |
2023-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208813
|
9.8 |
CRITICAL
Network
|
pdfcrack_project
|
pdfcrack
|
An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-22336
|
2024-11-21 14:13 |
2023-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208814
|
6.1 |
MEDIUM
Network
|
selenium
|
selenium_grid
|
A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/c…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23452
|
2024-11-21 14:13 |
2023-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208815
|
9.8 |
CRITICAL
Network
|
jerryscript
|
jerryscript
|
An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.
|
NVD-CWE-noinfo
|
CVE-2020-22597
|
2024-11-21 14:13 |
2023-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208816
|
9.8 |
CRITICAL
Network
|
thedaylightstudio
|
fuel_cms
|
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-22153
|
2024-11-21 14:13 |
2023-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208817
|
5.4 |
MEDIUM
Network
|
thedaylightstudio
|
fuel_cms
|
Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.
|
CWE-79
Cross-site Scripting
|
CVE-2020-22152
|
2024-11-21 14:13 |
2023-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208818
|
9.8 |
CRITICAL
Network
|
thedaylightstudio
|
fuel_cms
|
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.
|
NVD-CWE-noinfo
|
CVE-2020-22151
|
2024-11-21 14:13 |
2023-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208819
|
5.4 |
MEDIUM
Network
|
ibexa
|
ezpublish_legacy
ezpublish_platform
|
Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23065
|
2024-11-21 14:13 |
2023-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208820
|
6.1 |
MEDIUM
Network
|
alinto
|
sogo_web_mail
|
Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code.
|
CWE-79
Cross-site Scripting
|
CVE-2020-22402
|
2024-11-21 14:13 |
2023-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
