|
196421
|
7.2 |
HIGH
Network
|
handysoft
|
groupware
|
ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.
|
CWE-78
OS Command
|
CVE-2020-7804
|
2024-11-21 14:37 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196422
|
6.0 |
MEDIUM
Local
|
freebsd
|
freebsd
|
In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set confi…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2020-7453
|
2024-11-21 14:37 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196423
|
9.1 |
CRITICAL
Network
|
freebsd
|
freebsd
|
In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epai…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-7452
|
2024-11-21 14:37 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196424
|
5.3 |
MEDIUM
Network
|
freebsd
|
freebsd
|
In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 t…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-7451
|
2024-11-21 14:37 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196425
|
8.1 |
HIGH
Network
|
fun-map_project
|
fun-map
|
fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7644
|
2024-11-21 14:37 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196426
|
9.8 |
CRITICAL
Network
|
pixlcore
|
pixl-class
|
pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization.
|
CWE-78
OS Command
|
CVE-2020-7640
|
2024-11-21 14:37 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196427
|
9.8 |
CRITICAL
Network
|
node-rules_project
|
node-rules
|
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.
|
CWE-94
Code Injection
|
CVE-2020-7609
|
2024-11-21 14:37 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196428
|
5.3 |
MEDIUM
Network
|
idea
|
paypal-adaptive
|
paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7643
|
2024-11-21 14:37 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196429
|
7.8 |
HIGH
Local
|
rapid7
|
metasploit
|
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's …
|
CWE-78
OS Command
|
CVE-2020-7350
|
2024-11-21 14:37 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196430
|
7.8 |
HIGH
Local
|
schneider-electric
|
vijeo_designer
|
A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the sys…
|
CWE-426
Untrusted Search Path
|
CVE-2020-7490
|
2024-11-21 14:37 |
2020-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
