| ID | CVSS | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|
| 196301 | 6.5 MEDIUM | Network | synk | broker | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. | CWE-22 Path Traversal | CVE-2020-7652 | 2024-11-21 14:37 | 2020-05-30 |
| 196302 | 4.3 MEDIUM | Network | synk | broker | All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commit… | CWE-22 Path Traversal | CVE-2020-7651 | 2024-11-21 14:37 | 2020-05-30 |
| 196303 | 9.8 CRITICAL | Network | kaoni | ezhttptrans | Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the ac… | CWE-494 Download of Code Without Integrity Check | CVE-2020-7812 | 2024-11-21 14:37 | 2020-05-28 |
| 196304 | 6.1 MEDIUM | Network | meinheld | meinheld | meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header pa… | CWE-444 HTTP Request Smuggling | CVE-2020-7658 | 2024-11-21 14:37 | 2020-05-23 |
| 196305 | 9.8 CRITICAL | Network | kaoni | ezhttptrans | Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the argumen… | CWE-494 Download of Code Without Integrity Check | CVE-2020-7813 | 2024-11-21 14:37 | 2020-05-22 |
| 196306 | 9.8 CRITICAL | Network | raonwiz | raon_k_upload | In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL a… | CWE-88 Argument Injection | CVE-2020-7808 | 2024-11-21 14:37 | 2020-05-22 |
| 196307 | 6.1 MEDIUM | Network | hive | netius | netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could a… | CWE-444 HTTP Request Smuggling | CVE-2020-7655 | 2024-11-21 14:37 | 2020-05-22 |
| 196308 | 6.1 MEDIUM | Network | jquery oracle netapp juniper | jquery peoplesoft_enterprise_peopletools snap_creator_framework cloud_backup oncommand_system_manager active_iq_unified_manager junos | jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >… | CWE-79 Cross-site Scripting | CVE-2020-7656 | 2024-11-21 14:37 | 2020-05-20 |
| 196309 | 6.1 MEDIUM | Network | altools | alsong | ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulner… | CWE-79 Cross-site Scripting | CVE-2020-7809 | 2024-11-21 14:37 | 2020-05-16 |
| 196310 | 5.5 MEDIUM | Local | freebsd | freebsd | In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates s… | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2020-7455 | 2024-11-21 14:37 | 2020-05-14 |