|
201041
|
5.3 |
MEDIUM
Network
|
openasset
|
digital_asset_management
|
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sens…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-28861
|
2024-11-21 14:23 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201042
|
8.8 |
HIGH
Network
|
openasset
|
digital_asset_management
|
OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.
|
CWE-89
SQL Injection
|
CVE-2020-28860
|
2024-11-21 14:23 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201043
|
6.1 |
MEDIUM
Network
|
openasset
|
digital_asset_management
|
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28859
|
2024-11-21 14:23 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201044
|
8.8 |
HIGH
Network
|
openasset
|
digital_asset_management
|
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forger…
|
CWE-352
Origin Validation Error
|
CVE-2020-28858
|
2024-11-21 14:23 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201045
|
6.1 |
MEDIUM
Network
|
openasset
|
digital_asset_management
|
OpenAsset Digital Asset Management (DAM) through 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28857
|
2024-11-21 14:23 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201046
|
7.5 |
HIGH
Network
|
openasset
|
digital_asset_management
|
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-28856
|
2024-11-21 14:23 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201047
|
9.8 |
CRITICAL
Network
|
car_rental_management_system_project
|
car_rental_management_system
|
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, t…
|
NVD-CWE-noinfo
|
CVE-2020-29227
|
2024-11-21 14:23 |
2020-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201048
|
8.8 |
HIGH
Network
|
tiki
|
tikiwiki_cms\/groupware
|
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary a…
|
CWE-352
Origin Validation Error
|
CVE-2020-29254
|
2024-11-21 14:23 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201049
|
3.5 |
LOW
Network
|
opencart
|
opencart
|
Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.
|
CWE-352
Origin Validation Error
|
CVE-2020-28838
|
2024-11-21 14:23 |
2020-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201050
|
9.8 |
CRITICAL
Network
|
ubilling
|
ubilling
|
Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software.
|
CWE-78
CWE-306
OS Command
Missing Authentication for Critical Function
|
CVE-2020-29311
|
2024-11-21 14:23 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
