|
199741
|
6.1 |
MEDIUM
Network
|
roundcube fedoraproject debian
|
webmail fedora debian_linux
|
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference el…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35730
|
2024-11-21 14:27 |
2020-12-29 |
|
|
|
|
199742
|
7.5 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.
|
CWE-20
Improper Input Validation
|
CVE-2020-35616
|
2024-11-21 14:27 |
2020-12-29 |
|
|
|
|
199743
|
6.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
|
CWE-352
Origin Validation Error
|
CVE-2020-35615
|
2024-11-21 14:27 |
2020-12-29 |
|
|
|
|
199744
|
5.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
|
NVD-CWE-noinfo
|
CVE-2020-35614
|
2024-11-21 14:27 |
2020-12-29 |
|
|
|
|
199745
|
9.8 |
CRITICAL
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
|
CWE-89
SQL Injection
|
CVE-2020-35613
|
2024-11-21 14:27 |
2020-12-29 |
|
|
|
|
199746
|
7.5 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
|
CWE-22
Path Traversal
|
CVE-2020-35612
|
2024-11-21 14:27 |
2020-12-29 |
|
|
|
|
199747
|
7.5 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The global configuration page does not remove secrets from the HTML output, disclosing the current values.
|
CWE-200
Information Exposure
|
CVE-2020-35611
|
2024-11-21 14:27 |
2020-12-29 |
|
|
|
|
199748
|
7.5 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
|
NVD-CWE-noinfo
|
CVE-2020-35610
|
2024-11-21 14:27 |
2020-12-29 |
|
|
|
|
199749
|
8.8 |
HIGH
Network
|
woocommerce
|
gift_cards
|
Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift C…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-35627
|
2024-11-21 14:27 |
2020-12-29 |
|
|
|
|
199750
|
6.1 |
MEDIUM
Local
|
wavpack debian fedoraproject
|
wavpack debian_linux fedora
|
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" re…
|
CWE-787 CWE-190
Out-of-bounds Write Integer Overflow or Wraparound
|
CVE-2020-35738
|
2024-11-21 14:27 |
2020-12-28 |
|
|
|