|
201081
|
6.1 |
MEDIUM
Network
|
bigprof
|
online_invoicing_system
|
BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrato…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6583
|
2024-11-21 14:36 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201082
|
4.7 |
MEDIUM
Network
|
sap
|
business_objects_business_intelligence_platform
|
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerabil…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6220
|
2024-11-21 14:35 |
2022-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201083
|
7.8 |
HIGH
Local
|
graphisoft
|
bimx_desktop_viewer
|
An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow re…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-6099
|
2024-11-21 14:35 |
2022-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201084
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
|
CWE-416
Use After Free
|
CVE-2020-6492
|
2024-11-21 14:35 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201085
|
6.1 |
MEDIUM
Network
|
zen-cart
|
zen_cart
|
Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6578
|
2024-11-21 14:35 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201086
|
9.8 |
CRITICAL
Network
|
it-recht-kanzlei
|
it-recht-kanzlei
|
The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2020-6577
|
2024-11-21 14:35 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201087
|
7.5 |
HIGH
Network
|
rockwellautomation
|
flex_io_1794-aent\/b_firmware
|
An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause …
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-6088
|
2024-11-21 14:35 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201088
|
7.8 |
HIGH
Local
|
checkpoint
|
smartconsole
|
Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation …
|
CWE-269
Improper Privilege Management
|
CVE-2020-6024
|
2024-11-21 14:35 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201089
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
|
CWE-416
Use After Free
|
CVE-2020-6572
|
2024-11-21 14:35 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201090
|
6.1 |
MEDIUM
Network
|
opera
|
opera
|
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not perform…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6159
|
2024-11-21 14:35 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
