|
208911
|
9.8 |
CRITICAL
Network
|
bludit
|
bludit
|
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-18879
|
2024-11-21 14:08 |
2021-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208912
|
5.3 |
MEDIUM
Network
|
skycaiji
|
skycaiji
|
Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component 'index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php'.
|
CWE-22
Path Traversal
|
CVE-2020-18878
|
2024-11-21 14:08 |
2021-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208913
|
7.5 |
HIGH
Network
|
wuzhicms
|
wuzhicms
|
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
|
CWE-89
SQL Injection
|
CVE-2020-18877
|
2024-11-21 14:08 |
2021-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208914
|
3.3 |
LOW
Local
|
libexe_project
|
libexe
|
A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on G…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-18900
|
2024-11-21 14:08 |
2021-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208915
|
6.5 |
MEDIUM
Network
|
exiv2
|
exiv2
|
An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-18899
|
2024-11-21 14:08 |
2021-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208916
|
6.5 |
MEDIUM
Network
|
exiv2
|
exiv2
|
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-18898
|
2024-11-21 14:08 |
2021-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208917
|
7.8 |
HIGH
Local
|
libpff_project
|
libpff
|
An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a craft…
|
CWE-416
Use After Free
|
CVE-2020-18897
|
2024-11-21 14:08 |
2021-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208918
|
6.1 |
MEDIUM
Network
|
typora
|
typora
|
Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different…
|
CWE-79
Cross-site Scripting
|
CVE-2020-18748
|
2024-11-21 14:08 |
2021-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208919
|
8.8 |
HIGH
Network
|
dotcms
|
dotcms
|
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files.
|
CWE-74
Injection
|
CVE-2020-18875
|
2024-11-21 14:08 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208920
|
7.2 |
HIGH
Network
|
aitecms
|
aitecms
|
SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php".
|
CWE-89
SQL Injection
|
CVE-2020-18746
|
2024-11-21 14:08 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
