|
208951
|
9.8 |
CRITICAL
Network
|
chshcms
|
cscms
|
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
|
NVD-CWE-noinfo
|
CVE-2020-22848
|
2024-11-21 14:13 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208952
|
6.1 |
MEDIUM
Network
|
cacti
debian
|
cacti
debian_linux
|
Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_adm…
|
CWE-79
Cross-site Scripting
|
CVE-2020-23226
|
2024-11-21 14:13 |
2021-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208953
|
8.8 |
HIGH
Network
|
centreon
|
centreon
|
/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter.
|
CWE-78
OS Command
|
CVE-2020-22345
|
2024-11-21 14:13 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208954
|
7.5 |
HIGH
Network
|
joyplus-cms_project
|
joyplus-cms
|
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-22124
|
2024-11-21 14:13 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208955
|
7.5 |
HIGH
Network
|
find_a_place_ljcms_project
|
find_a_place_ljcms
|
A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request.
|
CWE-89
SQL Injection
|
CVE-2020-22122
|
2024-11-21 14:13 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208956
|
8.8 |
HIGH
Network
|
txjia
|
imcat
|
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.
|
CWE-94
Code Injection
|
CVE-2020-22120
|
2024-11-21 14:13 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208957
|
6.5 |
MEDIUM
Network
|
webtareas_project
|
webtareas
|
Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.
|
CWE-22
Path Traversal
|
CVE-2020-23069
|
2024-11-21 14:13 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208958
|
6.1 |
MEDIUM
Network
|
atutor
|
atutor
|
A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23341
|
2024-11-21 14:13 |
2021-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208959
|
7.5 |
HIGH
Network
|
axiosys
|
bento4
|
A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTerminatedStringAtom component of Bento4 version 06c39d9 can lead to a segmentation fault.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23334
|
2024-11-21 14:13 |
2021-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208960
|
7.5 |
HIGH
Network
|
axiosys
|
bento4
|
A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS).
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23333
|
2024-11-21 14:13 |
2021-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
