|
197971
|
9.8 |
CRITICAL
Network
|
curlrequest_project
|
curlrequest
|
curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input.
|
CWE-78
OS Command
|
CVE-2020-7646
|
2024-11-21 14:37 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197972
|
7.5 |
HIGH
Network
|
citrix
|
sharefile_storagezones_controller
|
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to acces…
|
CWE-22
Path Traversal
|
CVE-2020-7473
|
2024-11-21 14:37 |
2020-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197973
|
9.8 |
CRITICAL
Network
|
tobesoft
|
xplatform
|
Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code executi…
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-7806
|
2024-11-21 14:37 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197974
|
9.8 |
CRITICAL
Network
|
google
|
chrome-launcher
|
All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems.
|
CWE-78
OS Command
|
CVE-2020-7645
|
2024-11-21 14:37 |
2020-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197975
|
8.8 |
HIGH
Network
|
netfortris
|
trixbox
|
An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "a…
|
CWE-78
OS Command
|
CVE-2020-7351
|
2024-11-21 14:37 |
2020-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197976
|
7.2 |
HIGH
Network
|
handysoft
|
groupware
|
ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.
|
CWE-78
OS Command
|
CVE-2020-7804
|
2024-11-21 14:37 |
2020-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197977
|
6.0 |
MEDIUM
Local
|
freebsd
|
freebsd
|
In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set confi…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2020-7453
|
2024-11-21 14:37 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197978
|
9.1 |
CRITICAL
Network
|
freebsd
|
freebsd
|
In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epai…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-7452
|
2024-11-21 14:37 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197979
|
5.3 |
MEDIUM
Network
|
freebsd
|
freebsd
|
In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 t…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-7451
|
2024-11-21 14:37 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197980
|
8.1 |
HIGH
Network
|
fun-map_project
|
fun-map
|
fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7644
|
2024-11-21 14:37 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
