| 210031 | 7.5 | HIGH Network | snapcreek | duplicator | The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init. | CWE-22 Path Traversal | CVE-2020-11738 | 2024-11-21 13:58 | 2020-04-14 |
| 210032 | 3.9 | LOW Local | gnome debian canonical | file-roller debian_linux ubuntu_linux | fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the… | CWE-22 Path Traversal, CWE-59 Link Following | CVE-2020-11736 | 2024-11-21 13:58 | 2020-04-14 |
| 210033 | 6.1 | MEDIUM Network | cybersolutions | cybermail | cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the ACTION parameter. | CWE-79 Cross-site Scripting | CVE-2020-11734 | 2024-11-21 13:58 | 2020-04-14 |
| 210034 | 9.8 | CRITICAL Network | total-soft | responsive_poll | An issue was discovered in the Responsive Poll through 1.3.4 for WordPress. It allows an unauthenticated user to manipulate polls, e.g., delete, clone, or view a hidden poll. This is due to the usage… | CWE-306 Missing Authentication for Critical Function | CVE-2020-11673 | 2024-11-21 13:58 | 2020-04-14 |
| 210035 | 7.5 | HIGH Network | davidlingren | media_library_assistant | The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. | NVD-CWE-noinfo | CVE-2020-11732 | 2024-11-21 13:58 | 2020-04-13 |
| 210036 | 6.1 | MEDIUM Network | davidlingren | media_library_assistant | The Media Library Assistant plugin before 2.82 for WordPress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute … | CWE-79 Cross-site Scripting | CVE-2020-11731 | 2024-11-21 13:58 | 2020-04-13 |
| 210037 | 7.5 | HIGH Network | openresty debian | openresty debian_linux | An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. | CWE-444 HTTP Request Smuggling | CVE-2020-11724 | 2024-11-21 13:58 | 2020-04-13 |
| 210038 | 9.8 | CRITICAL Network | dungeon_crawl_stone_soup_project | dungeon_crawl_stone_soup | Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-11722 | 2024-11-21 13:58 | 2020-04-13 |
| 210039 | 5.4 | MEDIUM Network | etentech | psg-6528vm_firmware | eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Location. | CWE-79 Cross-site Scripting | CVE-2020-11714 | 2024-11-21 13:58 | 2020-04-13 |
| 210040 | 7.5 | HIGH Network | wolfssl | wolfssl | wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. | CWE-203 Information Exposure Through Discrepancy | CVE-2020-11713 | 2024-11-21 13:58 | 2020-04-13 |