| 208661 | 7.5 | HIGH | Network | monocms | monocms | MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2020-25987 | 2024-11-21 14:19 | 2020-10-6 |
| 208662 | 6.5 | MEDIUM | Network | monocms | monocms | A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user. | CWE-352 Origin Validation Error | CVE-2020-25986 | 2024-11-21 14:19 | 2020-10-6 |
| 208663 | 8.8 | HIGH | Network | cuppacms | cuppacms | The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function prov… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-26048 | 2024-11-21 14:19 | 2020-10-6 |
| 208664 | 7.5 | HIGH | Network | clickstudios | passwordstate | ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfu… | CWE-306 Missing Authentication for Critical Function | CVE-2020-26061 | 2024-11-21 14:19 | 2020-10-5 |
| 208665 | 5.4 | MEDIUM | Network | qdpm | qdpm | The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. Thi… | CWE-79 Cross-site Scripting | CVE-2020-26166 | 2024-11-21 14:19 | 2020-10-5 |
| 208666 | 6.1 | MEDIUM | Network | livehelperchat | live_helper_chat | Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. | CWE-79 Cross-site Scripting | CVE-2020-26135 | 2024-11-21 14:19 | 2020-10-2 |
| 208667 | 6.1 | MEDIUM | Network | livehelperchat | live_helper_chat | Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. | CWE-79 Cross-site Scripting | CVE-2020-26134 | 2024-11-21 14:19 | 2020-10-2 |
| 208668 | 8.8 | HIGH | Network | openmediavault | openmediavault | openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databas… | CWE-94 Code Injection | CVE-2020-26124 | 2024-11-21 14:19 | 2020-10-2 |
| 208669 | 5.5 | MEDIUM | Local | artifex debian fedoraproject | mupdf debian_linux fedora | Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. | CWE-787 Out-of-bounds Write | CVE-2020-26519 | 2024-11-21 14:19 | 2020-10-2 |
| 208670 | 9.8 | CRITICAL | Network | artica | pandora_fms | Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. | CWE-89 SQL Injection | CVE-2020-26518 | 2024-11-21 14:19 | 2020-10-2 |