| 197591 | 8.8 | HIGH | Network | django-user-sessions_project | django-user-sessions | In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rend… | CWE-326 Inadequate Encryption Strength | CVE-2020-5224 | 2024-11-21 14:33 | 2020-01-25 |
| 197592 | 8.8 | HIGH | Network | peerigon | angular-expressions | Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. I… | CWE-74 Injection | CVE-2020-5219 | 2024-11-21 14:33 | 2020-01-25 |
| 197593 | 5.8 | MEDIUM | Network | twitter | secure_headers | In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_s… | CWE-74 Injection | CVE-2020-5217 | 2024-11-21 14:33 | 2020-01-23 |
| 197594 | 5.8 | MEDIUM | Network | twitter | secure_headers | In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_s… | CWE-74 Injection | CVE-2020-5216 | 2024-11-21 14:33 | 2020-01-23 |
| 197595 | 4.4 | MEDIUM | Network | privatebin | privatebin | In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a per… | CWE-79 Cross-site Scripting | CVE-2020-5223 | 2024-11-21 14:33 | 2020-01-23 |
| 197596 | 7.2 | HIGH | Network | troglobit | uftpd | In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesys… | CWE-22 Path Traversal | CVE-2020-5221 | 2024-11-21 14:33 | 2020-01-23 |
| 197597 | 5.5 | MEDIUM | Local | apt-cacher-ng_project debian opensuse | apt-cacher-ng debian_linux leap backports | apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via … | NVD-CWE-noinfo | CVE-2020-5202 | 2024-11-21 14:33 | 2020-01-22 |
| 197598 | 6.1 | MEDIUM | Network | phpgurukul | hospital_management_system | PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter. | CWE-79 Cross-site Scripting | CVE-2020-5193 | 2024-11-21 14:33 | 2020-01-15 |
| 197599 | 8.1 | HIGH | Network | cerberusftp | ftp_server | Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permis… | CWE-276 Incorrect Default Permissions | CVE-2020-5196 | 2024-11-21 14:33 | 2020-01-14 |
| 197600 | 5.4 | MEDIUM | Network | cerberusftp | ftp_server | The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification o… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2020-5194 | 2024-11-21 14:33 | 2020-01-14 |