|
208441
|
9.6 |
CRITICAL
Network
|
zibbs_project
|
zibbs
|
Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23719
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208442
|
9.6 |
CRITICAL
Network
|
zibbs_project
|
zibbs
|
Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23718
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208443
|
8.8 |
HIGH
Network
|
ayacms_project
|
ayacms
|
Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.
|
CWE-352
Origin Validation Error
|
CVE-2020-23686
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208444
|
9.8 |
CRITICAL
Network
|
vtimecn
|
188jianzhan
|
SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.
|
CWE-89
SQL Injection
|
CVE-2020-23685
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208445
|
5.3 |
MEDIUM
Network
|
discourse
|
discourse
|
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-24327
|
2024-11-21 14:14 |
2021-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208446
|
8.1 |
HIGH
Network
|
ponzu-cms
|
ponzu
|
A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accoun…
|
CWE-352
Origin Validation Error
|
CVE-2020-24130
|
2024-11-21 14:14 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208447
|
6.5 |
MEDIUM
Network
|
ok-file-formats_project
|
ok-file-formats
|
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS)…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23707
|
2024-11-21 14:14 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208448
|
6.5 |
MEDIUM
Network
|
ok-file-formats_project
|
ok-file-formats
|
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23706
|
2024-11-21 14:14 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208449
|
6.5 |
MEDIUM
Network
|
rockcarry
|
ffjpeg
|
A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-23705
|
2024-11-21 14:14 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208450
|
9.8 |
CRITICAL
Network
|
radare
|
radare2-extras
|
A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24133
|
2024-11-21 14:14 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
