|
200321
|
7.8 |
HIGH
Local
|
kaspersky
|
anti-ransomware_tool
|
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-28950
|
2024-11-21 14:23 |
2020-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200322
|
5.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-28916
|
2024-11-21 14:23 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200323
|
2.7 |
LOW
Network
|
lightbend
|
play_framework
|
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior …
|
NVD-CWE-Other
|
CVE-2020-28923
|
2024-11-21 14:23 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200324
|
7.2 |
HIGH
Network
|
openclinic_project
|
openclinic
|
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious file…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28939
|
2024-11-21 14:23 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200325
|
5.4 |
MEDIUM
Network
|
openclinic_project
|
openclinic
|
OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28938
|
2024-11-21 14:23 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200326
|
7.5 |
HIGH
Network
|
openclinic_project
|
openclinic
|
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Prot…
|
CWE-306
CWE-425
Missing Authentication for Critical Function
Direct Request ('Forced Browsing')
|
CVE-2020-28937
|
2024-11-21 14:23 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200327
|
9.8 |
CRITICAL
Network
|
adrianmercurio
|
gym_management_system
|
An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable.
|
CWE-89
SQL Injection
|
CVE-2020-29288
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200328
|
9.8 |
CRITICAL
Network
|
car_rental_management_system_project
|
car_rental_management_system
|
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
|
CWE-89
SQL Injection
|
CVE-2020-29287
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200329
|
9.8 |
CRITICAL
Network
|
point_of_sales_in_php\/pdo_project
|
point_of_sales_in_php\/pdo
|
SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.
|
CWE-89
SQL Injection
|
CVE-2020-29285
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200330
|
9.8 |
CRITICAL
Network
|
multi_restaurant_table_reservation_system_project
|
multi_restaurant_table_reservation_system
|
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can s…
|
CWE-89
SQL Injection
|
CVE-2020-29284
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
