|
209851
|
9.8 |
CRITICAL
Network
|
thedaylightstudio
|
fuel_cms
|
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or expl…
|
CWE-89
SQL Injection
|
CVE-2020-24791
|
2024-11-21 14:16 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209852
|
9.8 |
CRITICAL
Network
|
qcubed
|
qcubed
|
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to exec…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-24914
|
2024-11-21 14:16 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209853
|
9.8 |
CRITICAL
Network
|
qcubed
|
qcubed
|
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a …
|
CWE-89
SQL Injection
|
CVE-2020-24913
|
2024-11-21 14:16 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209854
|
6.1 |
MEDIUM
Network
|
qcubed
|
qcubed
|
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authentica…
|
CWE-79
Cross-site Scripting
|
CVE-2020-24912
|
2024-11-21 14:16 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209855
|
7.8 |
HIGH
Local
|
checkmk
|
checkmk
|
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
|
NVD-CWE-Other
|
CVE-2020-24908
|
2024-11-21 14:16 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209856
|
9.8 |
CRITICAL
Network
|
sdg
|
pnpscada
|
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit late…
|
CWE-89
SQL Injection
|
CVE-2020-24841
|
2024-11-21 14:16 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209857
|
8.8 |
HIGH
Network
|
nagios
|
nagios_xi
|
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.
|
CWE-78
OS Command
|
CVE-2020-24899
|
2024-11-21 14:16 |
2021-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209858
|
6.1 |
MEDIUM
Network
|
sdgc
|
pnpscada
|
PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24842
|
2024-11-21 14:16 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209859
|
7.5 |
HIGH
Network
|
issuer_project
|
issuer
|
An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-24838
|
2024-11-21 14:16 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209860
|
7.5 |
HIGH
Network
|
zcfees_project
|
zcfees
|
An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a n…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2020-24837
|
2024-11-21 14:16 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
