|
200951
|
8.6 |
HIGH
Network
|
totvs
|
fluig
|
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4
|
CWE-22
Path Traversal
|
CVE-2020-29134
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200952
|
9.8 |
CRITICAL
Network
|
cgal
fedoraproject
debian
|
computational_geometry_algorithms_library
fedora
debian_linux
|
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->…
|
-
|
CVE-2020-28636
|
2024-11-21 14:23 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200953
|
9.8 |
CRITICAL
Network
|
thimpress
|
wp_hotel_booking
|
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in inclu…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-29047
|
2024-11-21 14:23 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200954
|
9.8 |
CRITICAL
Network
|
bittacora
|
bpanel
|
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
|
CWE-89
SQL Injection
|
CVE-2020-28657
|
2024-11-21 14:23 |
2021-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200955
|
5.9 |
MEDIUM
Network
|
saltstack
fedoraproject
debian
|
salt
fedora
debian_linux
|
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-28972
|
2024-11-21 14:23 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200956
|
7.8 |
HIGH
Local
|
owncloud
|
owncloud_desktop_client
|
ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-28646
|
2024-11-21 14:23 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200957
|
6.5 |
MEDIUM
Network
|
adobe
|
acrobat
acrobat_dc
acrobat_reader
acrobat_reader_dc
|
Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an atta…
|
CWE-200
Information Exposure
|
CVE-2020-29075
|
2024-11-21 14:23 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200958
|
5.3 |
MEDIUM
Network
|
deepnetsecurity
|
dualshield
|
DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an "unknown username" error message.
|
NVD-CWE-noinfo
|
CVE-2020-28918
|
2024-11-21 14:23 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200959
|
5.4 |
MEDIUM
Network
|
secomea
|
sitemanager_1129_firmware
sitemanager_1139_firmware
sitemanager_1149_firmware
sitemanager_3329_firmware
sitemanager_3339_firmware
sitemanager_3349_firmware
sitemanager_3529_firmware…
|
Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29027
|
2024-11-21 14:23 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200960
|
6.1 |
MEDIUM
Network
|
secomea
|
sitemanager_embedded
|
A vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker …
|
CWE-79
Cross-site Scripting
|
CVE-2020-29025
|
2024-11-21 14:23 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
