|
209041
|
6.5 |
MEDIUM
Network
|
jflyfox
|
jfinal_cms
|
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileMa…
|
CWE-22
Path Traversal
|
CVE-2020-19154
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209042
|
8.8 |
HIGH
Network
|
jflyfox
|
jfinal_cms
|
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
|
CWE-77
Command Injection
|
CVE-2020-19151
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209043
|
8.1 |
HIGH
Network
|
jflyfox
|
jfinal_cms
|
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component …
|
CWE-22
Path Traversal
|
CVE-2020-19150
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209044
|
5.4 |
MEDIUM
Network
|
jflyfox
|
jfinal_cms
|
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19148
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209045
|
6.5 |
MEDIUM
Network
|
jflyfox
|
jfinal_cms
|
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java…
|
CWE-22
Path Traversal
|
CVE-2020-19147
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209046
|
6.5 |
MEDIUM
Network
|
jflyfox
|
jfinal_cms
|
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.
|
CWE-22
Path Traversal
|
CVE-2020-19146
|
2024-11-21 14:08 |
2021-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209047
|
6.5 |
MEDIUM
Network
|
simplesystems
debian
netapp
|
libtiff
debian_linux
ontap_select_deploy_administration_utility
|
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-19144
|
2024-11-21 14:08 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209048
|
6.5 |
MEDIUM
Network
|
simplesystems
debian
|
libtiff
debian_linux
|
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-19143
|
2024-11-21 14:08 |
2021-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209049
|
9.8 |
CRITICAL
Network
|
dotcms
|
dotcms
|
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-19138
|
2024-11-21 14:08 |
2021-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209050
|
7.5 |
HIGH
Network
|
autumn_project
|
autumn
|
Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-19137
|
2024-11-21 14:08 |
2021-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
