|
209821
|
7.5 |
HIGH
Network
|
nexusphp
|
nexusphp
|
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.
|
CWE-863
Incorrect Authorization
|
CVE-2020-24771
|
2024-11-21 14:16 |
2022-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209822
|
9.8 |
CRITICAL
Network
|
nexusphp
|
nexusphp
|
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2020-24770
|
2024-11-21 14:16 |
2022-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209823
|
9.8 |
CRITICAL
Network
|
nexusphp
|
nexusphp
|
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.
|
CWE-89
SQL Injection
|
CVE-2020-24769
|
2024-11-21 14:16 |
2022-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209824
|
8.8 |
HIGH
Network
|
clash_project
|
clash
|
In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. …
|
CWE-346
Origin Validation Error
|
CVE-2020-24772
|
2024-11-21 14:16 |
2022-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209825
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
|
NVD-CWE-noinfo
|
CVE-2020-24743
|
2024-11-21 14:16 |
2021-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209826
|
9.8 |
CRITICAL
Network
|
sourcecodester
|
complaint_management_system
|
An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.
|
CWE-89
SQL Injection
|
CVE-2020-24932
|
2024-11-21 14:16 |
2021-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209827
|
8.1 |
HIGH
Network
|
wuzhicms
|
wuzhicms
|
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attacke…
|
NVD-CWE-noinfo
|
CVE-2020-24930
|
2024-11-21 14:16 |
2021-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209828
|
7.8 |
HIGH
Local
|
qt
|
qt
|
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
|
NVD-CWE-noinfo
|
CVE-2020-24742
|
2024-11-21 14:16 |
2021-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209829
|
5.5 |
MEDIUM
Local
|
libelfin_project
|
libelfin
|
A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
|
NVD-CWE-noinfo
|
CVE-2020-24827
|
2024-11-21 14:16 |
2021-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209830
|
5.5 |
MEDIUM
Local
|
libelfin_project
|
libelfin
|
A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
|
CWE-74
Injection
|
CVE-2020-24826
|
2024-11-21 14:16 |
2021-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
