|
200201
|
4.8 |
MEDIUM
Network
|
wondercms
|
wondercms
|
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, …
|
CWE-79
Cross-site Scripting
|
CVE-2020-29247
|
2024-11-21 14:23 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200202
|
7.0 |
HIGH
Local
|
mariadb
|
mariadb
|
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the n…
|
NVD-CWE-Other
|
CVE-2020-28912
|
2024-11-21 14:23 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200203
|
8.1 |
HIGH
Network
|
terra-master
|
tos
|
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS
|
NVD-CWE-noinfo
|
CVE-2020-29189
|
2024-11-21 14:23 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200204
|
7.1 |
HIGH
Local
|
malwarebytes
|
malwarebytes
endpoint_protection
|
In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system.
|
CWE-59
Link Following
|
CVE-2020-28641
|
2024-11-21 14:23 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200205
|
8.8 |
HIGH
Network
|
odoo
|
odoo
|
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leadi…
|
NVD-CWE-noinfo
|
CVE-2020-29396
|
2024-11-21 14:23 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200206
|
6.5 |
MEDIUM
Network
|
sonatype
|
nexus_repository_manager
|
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.…
|
CWE-611
XXE
|
CVE-2020-29436
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200207
|
8.8 |
HIGH
Network
|
epson
|
eps_tse_server_8_firmware
|
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by…
|
CWE-352
Origin Validation Error
|
CVE-2020-28931
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200208
|
5.4 |
MEDIUM
Network
|
epson
|
eps_tse_server_8_firmware
|
A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaSc…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28930
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200209
|
9.8 |
CRITICAL
Network
|
epson
|
eps_tse_server_8_firmware
|
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenan…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-28929
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200210
|
7.5 |
HIGH
Network
|
p11-kit_project
debian
oracle
|
p11-kit
debian_linux
communications_cloud_native_core_policy
|
An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29363
|
2024-11-21 14:23 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
