|
199871
|
5.4 |
MEDIUM
Network
|
progress
|
moveit_transfer
|
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, …
|
CWE-79
Cross-site Scripting
|
CVE-2020-28647
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199872
|
8.8 |
HIGH
Network
|
horizontcms_project
|
horizontcms
|
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28693
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199873
|
7.2 |
HIGH
Network
|
gilacms
|
gila_cms
|
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28692
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199874
|
7.5 |
HIGH
Network
|
cloudavid
|
pparam
|
Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-28723
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199875
|
6.8 |
MEDIUM
Physics
|
vw
|
polo_firmware
|
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a me…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2020-28656
|
2024-11-21 14:23 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199876
|
5.4 |
MEDIUM
Network
|
wpbakery
|
page_builder
|
The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28650
|
2024-11-21 14:23 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199877
|
8.8 |
HIGH
Network
|
orbisius
|
child_theme_creator
|
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.
|
CWE-352
Origin Validation Error
|
CVE-2020-28649
|
2024-11-21 14:23 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199878
|
8.8 |
HIGH
Network
|
nagios
|
nagios_xi
|
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
|
CWE-20
Improper Input Validation
|
CVE-2020-28648
|
2024-11-21 14:23 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199879
|
9.8 |
CRITICAL
Network
|
infinitewp
|
infinitewp
|
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2020-28642
|
2024-11-21 14:23 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199880
|
9.8 |
CRITICAL
Network
|
dyne
|
tomb
|
ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only …
|
CWE-287
Improper Authentication
|
CVE-2020-28638
|
2024-11-21 14:23 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
