|
208751
|
7.5 |
HIGH
Network
|
white_shark_systems_project
|
white_shark_systems
|
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vul…
|
CWE-89
SQL Injection
|
CVE-2020-20469
|
2024-11-21 14:12 |
2021-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208752
|
6.5 |
MEDIUM
Network
|
white_shark_systems_project
|
white_shark_systems
|
White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password.
|
CWE-352
Origin Validation Error
|
CVE-2020-20468
|
2024-11-21 14:12 |
2021-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208753
|
6.5 |
MEDIUM
Network
|
white_shark_systems_project
|
white_shark_systems
|
White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task.
|
NVD-CWE-Other
|
CVE-2020-20467
|
2024-11-21 14:12 |
2021-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208754
|
9.8 |
CRITICAL
Network
|
white_shark_systems_project
|
white_shark_systems
|
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user.
|
CWE-863
Incorrect Authorization
|
CVE-2020-20466
|
2024-11-21 14:12 |
2021-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208755
|
7.2 |
HIGH
Network
|
openclinic_project
|
openclinic
|
Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to RCE v…
|
CWE-862
Missing Authorization
|
CVE-2020-20444
|
2024-11-21 14:12 |
2021-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208756
|
6.1 |
MEDIUM
Network
|
zrlog
|
zrlog
|
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname…
|
CWE-79
Cross-site Scripting
|
CVE-2020-21316
|
2024-11-21 14:12 |
2021-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208757
|
6.5 |
MEDIUM
Network
|
wellcms
|
wellcms
|
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-21005
|
2024-11-21 14:12 |
2021-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208758
|
4.8 |
MEDIUM
Network
|
pbootcms
|
pbootcms
|
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-21003
|
2024-11-21 14:12 |
2021-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208759
|
6.5 |
MEDIUM
Network
|
ffmpeg
debian
|
ffmpeg
debian_linux
|
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service
|
CWE-369
Divide By Zero
|
CVE-2020-20453
|
2024-11-21 14:12 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208760
|
7.5 |
HIGH
Network
|
ffmpeg
debian
|
ffmpeg
debian_linux
|
Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-20451
|
2024-11-21 14:12 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
