|
199921
|
3.5 |
LOW
Network
|
opencart
|
opencart
|
Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.
|
CWE-352
Origin Validation Error
|
CVE-2020-28838
|
2024-11-21 14:23 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199922
|
9.8 |
CRITICAL
Network
|
ubilling
|
ubilling
|
Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software.
|
CWE-78
CWE-306
OS Command
Missing Authentication for Critical Function
|
CVE-2020-29311
|
2024-11-21 14:23 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199923
|
5.4 |
MEDIUM
Network
|
online_examination_system_project
|
online_examination_system
|
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29259
|
2024-11-21 14:23 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199924
|
6.1 |
MEDIUM
Network
|
online_examination_system_project
|
online_examination_system
|
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29258
|
2024-11-21 14:23 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199925
|
6.1 |
MEDIUM
Network
|
online_examination_system_project
|
online_examination_system
|
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29257
|
2024-11-21 14:23 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199926
|
7.5 |
HIGH
Network
|
plummac
|
ik-401_firmware
|
An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credenti…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-28946
|
2024-11-21 14:23 |
2020-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199927
|
5.5 |
MEDIUM
Local
|
nlnetlabs
debian
|
unbound
name_server_daemon
debian_linux
|
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing …
|
CWE-59
Link Following
|
CVE-2020-28935
|
2024-11-21 14:23 |
2020-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199928
|
6.1 |
MEDIUM
Network
|
seeddms
|
seeddms
|
Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28727
|
2024-11-21 14:23 |
2020-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199929
|
7.8 |
HIGH
Local
|
kaspersky
|
anti-ransomware_tool
|
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-28950
|
2024-11-21 14:23 |
2020-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199930
|
5.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-28916
|
2024-11-21 14:23 |
2020-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
