|
208751
|
9.8 |
CRITICAL
Network
|
idreamsoft
|
icms
|
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
|
CWE-78
OS Command
|
CVE-2020-19527
|
2024-11-21 14:09 |
2020-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208752
|
7.8 |
HIGH
Local
|
imagemagick
debian
|
imagemagick
debian_linux
|
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-19667
|
2024-11-21 14:09 |
2020-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208753
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10
windows_server_2016
windows_server_2019
|
<p>A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrar…
|
CWE-20
CWE-787
Improper Input Validation
Out-of-bounds Write
|
CVE-2020-1167
|
2024-11-21 14:09 |
2020-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208754
|
8.8 |
HIGH
Local
|
microsoft
|
windows_10
windows_server_2019
windows_server_2016
|
<p>An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could …
|
NVD-CWE-noinfo
|
CVE-2020-1080
|
2024-11-21 14:09 |
2020-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208755
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10
windows_server_2019
windows_server_2016
|
<p>An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could …
|
NVD-CWE-noinfo
|
CVE-2020-1047
|
2024-11-21 14:09 |
2020-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208756
|
5.3 |
MEDIUM
Network
|
alibaba
|
nacos
|
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service lis…
|
NVD-CWE-noinfo
|
CVE-2020-19676
|
2024-11-21 14:09 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208757
|
9.8 |
CRITICAL
Network
|
niushop
|
niushop
|
Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-19672
|
2024-11-21 14:09 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208758
|
4.9 |
MEDIUM
Network
|
niushop
|
niushop
|
In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-19670
|
2024-11-21 14:09 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208759
|
7.5 |
HIGH
Network
|
jdownloads
|
jdownloads
|
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.
|
CWE-89
SQL Injection
|
CVE-2020-19455
|
2024-11-21 14:09 |
2020-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208760
|
7.5 |
HIGH
Network
|
jdownloads
|
jdownloads
|
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.
|
CWE-89
SQL Injection
|
CVE-2020-19451
|
2024-11-21 14:09 |
2020-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
