|
208981
|
9.8 |
CRITICAL
Network
|
rockoa
|
rockoa
|
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
|
CWE-89
SQL Injection
|
CVE-2020-18714
|
2024-11-21 14:08 |
2021-02-5 |
|
|
|
|
208982
|
9.8 |
CRITICAL
Network
|
rockoa
|
rockoa
|
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php
|
CWE-89
SQL Injection
|
CVE-2020-18713
|
2024-11-21 14:08 |
2021-02-5 |
|
|
|
|
208983
|
5.4 |
MEDIUM
Network
|
altn
|
mdaemon_webmail
|
Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to execute code and perform an XSS attack while opening…
|
CWE-79
Cross-site Scripting
|
CVE-2020-18724
|
2024-11-21 14:08 |
2021-02-4 |
|
|
|
|
208984
|
5.4 |
MEDIUM
Network
|
altn
|
mdaemon_webmail
|
Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially ma…
|
CWE-79
Cross-site Scripting
|
CVE-2020-18723
|
2024-11-21 14:08 |
2021-02-4 |
|
|
|
|
208985
|
9.8 |
CRITICAL
Network
|
apache
|
shiro
|
Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
|
CWE-287
Improper Authentication
|
CVE-2020-17523
|
2024-11-21 14:08 |
2021-02-4 |
|
|
|
|
208986
|
7.5 |
HIGH
Network
|
apache
|
cassandra
|
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted intern…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-17516
|
2024-11-21 14:08 |
2021-02-4 |
|
|
|
|
208987
|
9.8 |
CRITICAL
Network
|
dlink
|
dsr-250_firmware dsr-1000n_firmware
|
The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.
|
CWE-78
OS Command
|
CVE-2020-18568
|
2024-11-21 14:08 |
2021-02-2 |
|
|
|
|
208988
|
5.8 |
MEDIUM
Network
|
apache
|
traffic_control
|
When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary conten…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-17522
|
2024-11-21 14:08 |
2021-01-27 |
|
|
|
|
208989
|
8.8 |
HIGH
Network
|
apache
|
java_chassis
|
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-17532
|
2024-11-21 14:08 |
2021-01-25 |
|
|
|
|
208990
|
7.0 |
HIGH
Local
|
apache
|
html/java_api
|
There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability has r…
|
CWE-362
Race Condition
|
CVE-2020-17534
|
2024-11-21 14:08 |
2021-01-12 |
|
|
|