|
209481
|
8.8 |
HIGH
Network
|
j2store
|
j2store
|
The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manager.
|
CWE-89
SQL Injection
|
CVE-2020-13996
|
2024-11-21 14:02 |
2020-06-10 |
|
|
|
|
209482
|
5.4 |
MEDIUM
Network
|
your_online_shop_project
|
your_online_shop
|
Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13911
|
2024-11-21 14:02 |
2020-06-10 |
|
|
|
|
209483
|
8.8 |
HIGH
Adjacent
|
royalapps
|
royal_ts
|
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-13872
|
2024-11-21 14:02 |
2020-06-10 |
|
|
|
|
209484
|
5.4 |
MEDIUM
Network
|
themeboy
|
sportspress
|
The SportsPress plugin before 2.7.2 for WordPress allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13892
|
2024-11-21 14:02 |
2020-06-10 |
|
|
|
|
209485
|
4.8 |
MEDIUM
Network
|
opencart
|
opencart
|
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists becau…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13980
|
2024-11-21 14:02 |
2020-06-9 |
|
|
|
|
209486
|
7.2 |
HIGH
Network
|
monstra
|
monstra_cms
|
Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the …
|
CWE-78
OS Command
|
CVE-2020-13978
|
2024-11-21 14:02 |
2020-06-9 |
|
|
|
|
209487
|
4.9 |
MEDIUM
Network
|
nagios fedoraproject
|
nagios fedora
|
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of t…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2020-13977
|
2024-11-21 14:02 |
2020-06-9 |
|
|
|
|
209488
|
8.8 |
HIGH
Network
|
dd-wrt
|
dd-wrt
|
An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation…
|
CWE-78
OS Command
|
CVE-2020-13976
|
2024-11-21 14:02 |
2020-06-9 |
|
|
|
|
209489
|
7.8 |
HIGH
Local
|
linux debian canonical
|
linux_kernel debian_linux ubuntu_linux
|
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in th…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-13974
|
2024-11-21 14:02 |
2020-06-9 |
|
|
|
|
209490
|
6.1 |
MEDIUM
Network
|
owasp
|
json-sanitizer
|
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as Ja…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13973
|
2024-11-21 14:02 |
2020-06-9 |
|
|
|