|
209991
|
8.8 |
HIGH
Network
|
php-fusion
|
php-fusion
|
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter…
|
CWE-89
SQL Injection
|
CVE-2020-12461
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209992
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-12277
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209993
|
4.8 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12276
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209994
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
|
NVD-CWE-noinfo
|
CVE-2020-12275
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209995
|
5.5 |
MEDIUM
Local
|
grafana
fedoraproject
|
grafana
fedora
|
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world reada…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-12459
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209996
|
5.5 |
MEDIUM
Local
|
grafana
redhat
fedoraproject
|
grafana
ceph_storage
enterprise_linux
fedora
|
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposur…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-12458
|
2024-11-21 13:59 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209997
|
7.8 |
HIGH
Local
|
gskill
|
trident_z_lighting_control
|
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input f…
|
NVD-CWE-noinfo
|
CVE-2020-12446
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209998
|
6.2 |
MEDIUM
Network
|
gigamon
|
gigavue
|
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-12252
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209999
|
2.2 |
LOW
Network
|
gigamon
|
gigavue
|
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve dir…
|
CWE-22
Path Traversal
|
CVE-2020-12251
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210000
|
8.8 |
HIGH
Network
|
beeline
|
smart_box_firmware
|
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute tra…
|
CWE-78
OS Command
|
CVE-2020-12246
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
