|
209831
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.
|
NVD-CWE-noinfo
|
CVE-2020-28572
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209832
|
7.5 |
HIGH
Network
|
golang
|
go
|
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
|
CWE-94
Code Injection
|
CVE-2020-28367
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209833
|
7.5 |
HIGH
Network
|
golang
fedoraproject
netapp
|
go
fedora
trident
cloud_insights_telegraf_agent
|
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
|
CWE-94
Code Injection
|
CVE-2020-28366
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209834
|
7.5 |
HIGH
Network
|
golang
fedoraproject
netapp
|
go
fedora
trident
cloud_insights_telegraf_agent
|
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-28362
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209835
|
7.5 |
HIGH
Network
|
cxuu
|
cxuucms
|
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.
|
CWE-89
SQL Injection
|
CVE-2020-28091
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209836
|
6.5 |
MEDIUM
Network
|
tp-link
|
tl-wpa4220_firmware
|
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admi…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-28005
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209837
|
5.4 |
MEDIUM
Network
|
kamailio
|
kamailio
|
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. …
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-28361
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209838
|
9.8 |
CRITICAL
Network
|
water_billing_system_project
|
water_billing_system
|
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
|
CWE-89
SQL Injection
|
CVE-2020-28183
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209839
|
6.1 |
MEDIUM
Network
|
pescms
|
pescms_team
|
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=
|
CWE-79
Cross-site Scripting
|
CVE-2020-28092
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209840
|
9.8 |
CRITICAL
Network
|
online_library_management_system_project
|
online_library_management_system
|
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add be…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28130
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
