|
201531
|
7.5 |
HIGH
Network
|
redislabs
|
redisgraph
|
RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-35668
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201532
|
8.8 |
HIGH
Network
|
steedos
|
steedos
|
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoD…
|
CWE-89
SQL Injection
|
CVE-2020-35666
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201533
|
9.8 |
CRITICAL
Network
|
terra-master
|
terramaster_operating_system
|
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
|
CWE-78
OS Command
|
CVE-2020-35665
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201534
|
7.5 |
HIGH
Network
|
advanced_comment_system_project
|
advanced_comment_system
|
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623
|
CWE-22
Path Traversal
|
CVE-2020-35598
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201535
|
8.8 |
HIGH
Network
|
raysync
|
raysync
|
A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can…
|
CWE-22
Path Traversal
|
CVE-2020-35370
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201536
|
8.8 |
HIGH
Network
|
nagios
|
nagios_core
|
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.
|
CWE-352
Origin Validation Error
|
CVE-2020-35269
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201537
|
6.1 |
MEDIUM
Network
|
egavilanmedia
|
user_registration_and_login_system_with_admin_panel
|
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35252
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201538
|
6.1 |
MEDIUM
Network
|
uncannyowl
|
uncanny_groups_for_learndash
|
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem PO…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35650
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201539
|
7.5 |
HIGH
Network
|
mersive
|
solstice_firmware
|
In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is dir…
|
NVD-CWE-noinfo
|
CVE-2020-35587
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201540
|
7.5 |
HIGH
Network
|
mersive
|
solstice_pod_firmware
|
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there i…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-35586
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
