|
197311
|
8.8 |
HIGH
Network
|
metagauss
|
registrationmagic
|
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_…
|
CWE-862
Missing Authorization
|
CVE-2020-9458
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197312
|
8.8 |
HIGH
Network
|
metagauss
|
registrationmagic
|
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_set…
|
CWE-862
Missing Authorization
|
CVE-2020-9457
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197313
|
8.8 |
HIGH
Network
|
metagauss
|
registrationmagic
|
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_r…
|
CWE-862
Missing Authorization
|
CVE-2020-9456
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197314
|
4.3 |
MEDIUM
Network
|
metagauss
|
registrationmagic
|
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php se…
|
CWE-862
Missing Authorization
|
CVE-2020-9455
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197315
|
8.8 |
HIGH
Network
|
metagauss
|
registrationmagic
|
A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, i…
|
CWE-352
Origin Validation Error
|
CVE-2020-9454
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197316
|
6.5 |
MEDIUM
Network
|
mi
|
miui_firmware
|
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induc…
|
CWE-94
Code Injection
|
CVE-2020-9530
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197317
|
7.3 |
HIGH
Adjacent
|
mi
|
miui_firmware
|
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files…
|
NVD-CWE-noinfo
|
CVE-2020-9531
|
2024-11-21 14:40 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197318
|
7.8 |
HIGH
Local
|
redsoftware
|
pdfescape
|
An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking.
|
CWE-426
Untrusted Search Path
|
CVE-2020-9418
|
2024-11-21 14:40 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197319
|
7.5 |
HIGH
Network
|
d-link
|
dsl-2640b_firmware
|
An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface doesn't perform authentication checks for a firmware-update POST request. Any attacker that can access the…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-9544
|
2024-11-21 14:40 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197320
|
8.8 |
HIGH
Network
|
djangoproject
debian
fedoraproject
netapp
canonical
|
django
debian_linux
fedora
steelstore_cloud_integrated_storage
ubuntu_linux
|
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a sui…
|
CWE-89
SQL Injection
|
CVE-2020-9402
|
2024-11-21 14:40 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
