|
199951
|
6.1 |
MEDIUM
Network
|
myeventon
|
eventon
|
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29395
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199952
|
7.8 |
HIGH
Local
|
genivi
debian
|
diagnostic_log_and_trace
debian_linux
|
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29394
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199953
|
4.6 |
MEDIUM
Physics
|
lock_password_manager_safe_app_project
|
lock_password_manager_safe_app
|
The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An attacker with physical access can unlock the password manager without knowing the master password set by t…
|
CWE-287
Improper Authentication
|
CVE-2020-29392
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199954
|
9.8 |
CRITICAL
Network
|
zeroshell
|
zeroshell
|
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shel…
|
CWE-78
OS Command
|
CVE-2020-29390
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199955
|
4.8 |
MEDIUM
Network
|
netartmedia
|
news_lister
|
In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29364
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199956
|
9.8 |
CRITICAL
Network
|
readymedia_project
debian
|
readymedia
debian_linux
|
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug re…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-28926
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199957
|
5.5 |
MEDIUM
Local
|
advsys
|
pngout
|
An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-29384
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199958
|
5.3 |
MEDIUM
Network
|
canto
|
canto
|
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdoma…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-28978
|
2024-11-21 14:23 |
2020-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199959
|
5.3 |
MEDIUM
Network
|
canto
|
canto
|
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomai…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-28977
|
2024-11-21 14:23 |
2020-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199960
|
5.3 |
MEDIUM
Network
|
canto
|
canto
|
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?sub…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-28976
|
2024-11-21 14:23 |
2020-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
