|
211791
|
7.5 |
HIGH
Network
|
5none
|
nonecms
|
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-18646
|
2024-11-21 14:08 |
2021-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211792
|
3.3 |
LOW
Local
|
zziplib_project
debian
fedoraproject
|
zziplib
debian_linux
fedora
|
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-18442
|
2024-11-21 14:08 |
2021-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211793
|
6.1 |
MEDIUM
Network
|
zblogcn
|
z-blogphp
|
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php."
|
CWE-601
Open Redirect
|
CVE-2020-18268
|
2024-11-21 14:08 |
2021-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211794
|
8.8 |
HIGH
Network
|
simple-log_project
|
simple-log
|
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member".
|
CWE-352
Origin Validation Error
|
CVE-2020-18265
|
2024-11-21 14:08 |
2021-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211795
|
8.8 |
HIGH
Network
|
simple-log_project
|
simple-log
|
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member".
|
CWE-352
Origin Validation Error
|
CVE-2020-18264
|
2024-11-21 14:08 |
2021-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211796
|
8.8 |
HIGH
Network
|
libjpeg-turbo
|
libjpeg-turbo
|
Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-17541
|
2024-11-21 14:08 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211797
|
7.5 |
HIGH
Network
|
gnu
|
gama
|
A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-18395
|
2024-11-21 14:08 |
2021-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211798
|
5.5 |
MEDIUM
Local
|
cesanta
|
mjs
|
Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-18392
|
2024-11-21 14:08 |
2021-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211799
|
4.8 |
MEDIUM
Network
|
phpmywind
|
phpmywind
|
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php".
|
CWE-79
Cross-site Scripting
|
CVE-2020-18230
|
2024-11-21 14:08 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211800
|
4.8 |
MEDIUM
Network
|
phpmywind
|
phpmywind
|
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php".
|
CWE-79
Cross-site Scripting
|
CVE-2020-18229
|
2024-11-21 14:08 |
2021-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
