| 209541 | 7.5 | HIGH Network | misp | misp | An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. | NVD-CWE-noinfo | CVE-2020-25766 | 2024-11-21 14:18 | 2020-09-19 |
| 209542 | 9.8 | CRITICAL Network | cesanta | mongoose | A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has … | CWE-120 Classic Buffer Overflow | CVE-2020-25756 | 2024-11-21 14:18 | 2020-09-18 |
| 209543 | 8.8 | HIGH Network | corephp | pago_commerce | The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. | CWE-89 SQL Injection | CVE-2020-25751 | 2024-11-21 14:18 | 2020-09-18 |
| 209544 | 7.5 | HIGH Network | dotplant | dotplant2 | An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']… | CWE-611 XXE | CVE-2020-25750 | 2024-11-21 14:18 | 2020-09-18 |
| 209545 | 8.1 | HIGH Network | safervpn | safervpn | SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA… | CWE-59 Link Following | CVE-2020-25744 | 2024-11-21 14:18 | 2020-09-18 |
| 209546 | 6.1 | MEDIUM Network | webtareas_project | webtareas | webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/cl… | CWE-79 Cross-site Scripting | CVE-2020-25735 | 2024-11-21 14:18 | 2020-09-18 |
| 209547 | 5.3 | MEDIUM Network | webtareas_project | webtareas | webTareas through 2.1 allows files/Default/ Directory Listing. | CWE-22 Path Traversal | CVE-2020-25734 | 2024-11-21 14:18 | 2020-09-18 |
| 209548 | 7.5 | HIGH Network | webtareas_project | webtareas | webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-25733 | 2024-11-21 14:18 | 2020-09-18 |
| 209549 | 6.1 | MEDIUM Network | zoneminder | zoneminder | ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. | CWE-79 Cross-site Scripting | CVE-2020-25729 | 2024-11-21 14:18 | 2020-09-18 |
| 209550 | 9.8 | CRITICAL Network | sqreen | python_mini_racer | A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption. | CWE-787 Out-of-bounds Write | CVE-2020-25489 | 2024-11-21 14:18 | 2020-09-18 |