|
217631
|
9.8 |
CRITICAL
Network
|
pisay_online_e-learning_system_project
|
pisay_online_e-learning_system
|
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via…
|
CWE-89
SQL Injection
|
CVE-2020-14972
|
2024-11-21 14:04 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217632
|
7.5 |
HIGH
Network
|
misp
|
misp
|
app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable a…
|
CWE-862
Missing Authorization
|
CVE-2020-14969
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217633
|
9.8 |
CRITICAL
Network
|
jsrsasign_project
netapp
|
jsrsasign
max_data
|
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a s…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-14968
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217634
|
9.8 |
CRITICAL
Network
|
jsrsasign_project
netapp
|
jsrsasign
max_data
|
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertext…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-14967
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217635
|
7.5 |
HIGH
Network
|
jsrsasign_project
netapp
|
jsrsasign
max_data
|
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appe…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-14966
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217636
|
5.4 |
MEDIUM
Network
|
machothemes
|
image_photo_gallery_final_tiles_grid
|
Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14962
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217637
|
5.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value.
|
NVD-CWE-noinfo
|
CVE-2020-14961
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217638
|
7.2 |
HIGH
Network
|
php-fusion
|
php-fusion
|
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,
|
CWE-89
SQL Injection
|
CVE-2020-14960
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217639
|
5.4 |
MEDIUM
Network
|
goldplugins
|
easy_testimonials
|
Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, We…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14959
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217640
|
6.5 |
MEDIUM
Network
|
gogs
|
gogs
|
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-14958
|
2024-11-21 14:04 |
2020-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
