|
196581
|
7.5 |
HIGH
Network
|
pysaml2_project
canonical
debian
|
pysaml2
ubuntu_linux
debian_linux
|
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature in…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-5390
|
2024-11-21 14:34 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196582
|
8.8 |
HIGH
Network
|
phpmyadmin
suse
debian
|
phpmyadmin
suse_linux_enterprise_server
debian_linux
|
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this …
|
CWE-89
SQL Injection
|
CVE-2020-5504
|
2024-11-21 14:34 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196583
|
8.8 |
HIGH
Network
|
small_crm_project
|
small_crm
|
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.
|
CWE-89
SQL Injection
|
CVE-2020-5511
|
2024-11-21 14:34 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196584
|
9.8 |
CRITICAL
Network
|
phpgurukul
|
hostel_management_system
|
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
|
CWE-89
SQL Injection
|
CVE-2020-5510
|
2024-11-21 14:34 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196585
|
9.8 |
CRITICAL
Network
|
opservices
|
opmon
|
An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication.
|
CWE-89
SQL Injection
|
CVE-2020-5841
|
2024-11-21 14:34 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196586
|
6.1 |
MEDIUM
Network
|
codologic
|
codoforum
|
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage …
|
CWE-79
Cross-site Scripting
|
CVE-2020-5842
|
2024-11-21 14:34 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196587
|
6.1 |
MEDIUM
Network
|
appspace
|
on-prem
|
In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5393
|
2024-11-21 14:34 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196588
|
4.8 |
MEDIUM
Network
|
codologic
|
codoforum
|
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5843
|
2024-11-21 14:34 |
2020-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196589
|
8.8 |
HIGH
Network
|
ahsay
|
cloud_backup_suite
|
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-enc…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-5846
|
2024-11-21 14:34 |
2020-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196590
|
6.8 |
MEDIUM
Network
|
gilacms
|
gila_cms
|
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
|
CWE-22
Path Traversal
|
CVE-2020-5513
|
2024-11-21 14:34 |
2020-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
