|
211241
|
10.0 |
CRITICAL
Network
|
scratch-wiki
|
scratch_login
|
in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whit…
|
CWE-74
Injection
|
CVE-2020-15164
|
2024-11-21 14:04 |
2020-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211242
|
8.1 |
HIGH
Network
|
nodebb
|
blog_comments
|
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF …
|
-
|
CVE-2020-15156
|
2024-11-21 14:04 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211243
|
9.8 |
CRITICAL
Network
|
mz-automation
|
libiec61850
|
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an appli…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2020-15158
|
2024-11-21 14:04 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211244
|
8.5 |
HIGH
Network
|
cogboard
|
red_discord_bot
|
Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to in…
|
CWE-74
Injection
|
CVE-2020-15147
|
2024-11-21 14:04 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211245
|
9.6 |
CRITICAL
Network
|
cogboard
|
red_discord_bot
|
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia …
|
CWE-74
Injection
|
CVE-2020-15140
|
2024-11-21 14:04 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211246
|
8.8 |
HIGH
Network
|
zulip
|
zulip_server
|
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
|
CWE-94
Code Injection
|
CVE-2020-15070
|
2024-11-21 14:04 |
2020-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211247
|
8.0 |
HIGH
Network
|
openmage
magento
|
openmage_long_term_support
magento
|
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. …
|
CWE-352
Origin Validation Error
|
CVE-2020-15151
|
2024-11-21 14:04 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211248
|
8.8 |
HIGH
Network
|
sylius
|
syliusresourcebundle
|
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized prop…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2020-15146
|
2024-11-21 14:04 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211249
|
8.8 |
HIGH
Network
|
sylius
|
syliusresourcebundle
|
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized pro…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2020-15143
|
2024-11-21 14:04 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211250
|
5.4 |
MEDIUM
Network
|
auth0
|
lock
|
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-s…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15119
|
2024-11-21 14:04 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
