|
209181
|
7.8 |
HIGH
Local
|
shopxo
|
shopxo
|
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploadi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26008
|
2024-11-21 14:19 |
2022-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209182
|
7.8 |
HIGH
Local
|
shopxo
|
shopxo
|
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-26007
|
2024-11-21 14:19 |
2022-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209183
|
6.1 |
MEDIUM
Local
|
jhead_project
|
jhead
|
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhea…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26208
|
2024-11-21 14:19 |
2022-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209184
|
10.0 |
CRITICAL
Network
|
ssh2_project
|
ssh2
|
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lea…
|
-
|
CVE-2020-26301
|
2024-11-21 14:19 |
2021-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209185
|
9.8 |
CRITICAL
Network
|
systeminformation
|
systeminformation
|
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fix…
|
CWE-78
OS Command
|
CVE-2020-26300
|
2024-11-21 14:19 |
2021-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209186
|
7.5 |
HIGH
Network
|
hcc-embedded
|
nichestack_tcp\/ip
|
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcal…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-25927
|
2024-11-21 14:19 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209187
|
7.5 |
HIGH
Network
|
hcc-embedded
|
nichestack_tcp\/ip
|
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). T…
|
CWE-331
Insufficient Entropy
|
CVE-2020-25926
|
2024-11-21 14:19 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209188
|
9.8 |
CRITICAL
Network
|
hcc-embedded
|
nichestack_tcp\/ip
|
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2020-25928
|
2024-11-21 14:19 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209189
|
8.8 |
HIGH
Network
|
dell
|
emc_powerscale_onefs
emc_isilon_onefs
|
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with …
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-26180
|
2024-11-21 14:19 |
2021-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209190
|
6.1 |
MEDIUM
Network
|
eventespresso
|
event_espresso
|
A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.1…
|
CWE-79
Cross-site Scripting
|
CVE-2020-26153
|
2024-11-21 14:19 |
2021-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
