|
208271
|
7.5 |
HIGH
Network
|
mikrotik
|
routeros
|
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-20021
|
2024-11-21 14:11 |
2023-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208272
|
5.5 |
MEDIUM
Local
|
avast
|
antivirus
|
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-20118
|
2024-11-21 14:11 |
2023-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208273
|
8.8 |
HIGH
Network
|
bludit
|
bludit
|
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-20210
|
2024-11-21 14:11 |
2023-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208274
|
6.1 |
MEDIUM
Network
|
diaowen
|
dwsurvey
|
Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20070
|
2024-11-21 14:11 |
2023-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208275
|
8.8 |
HIGH
Network
|
ebcms
|
ebcms
|
File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-20067
|
2024-11-21 14:11 |
2023-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208276
|
9.8 |
CRITICAL
Network
|
sudytech
|
webplus_pro
|
WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.
|
CWE-22
Path Traversal
|
CVE-2020-20012
|
2024-11-21 14:11 |
2023-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208277
|
7.2 |
HIGH
Network
|
moodle
|
moodle
|
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
|
CWE-20
Improper Input Validation
|
CVE-2020-1756
|
2024-11-21 14:11 |
2022-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208278
|
5.3 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-1755
|
2024-11-21 14:11 |
2022-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208279
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own grou…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-1754
|
2024-11-21 14:11 |
2022-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208280
|
5.4 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2020-1691
|
2024-11-21 14:11 |
2022-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
