|
210121
|
9.8 |
CRITICAL
Network
|
science-miner
|
pdf2xml
|
pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23874
|
2024-11-21 14:14 |
2021-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210122
|
9.8 |
CRITICAL
Network
|
science-miner
|
pdf2xml
|
pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-23873
|
2024-11-21 14:14 |
2021-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210123
|
7.5 |
HIGH
Network
|
science-miner
|
pdf2xml
|
A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS).
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-23872
|
2024-11-21 14:14 |
2021-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210124
|
9.8 |
CRITICAL
Network
|
eyoucms
|
eyoucms
|
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.
|
CWE-89
SQL Injection
|
CVE-2020-24000
|
2024-11-21 14:14 |
2021-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210125
|
9.6 |
CRITICAL
Network
|
php-fusion
|
phpfusion
|
Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23754
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210126
|
9.6 |
CRITICAL
Network
|
zibbs_project
|
zibbs
|
Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23719
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210127
|
9.6 |
CRITICAL
Network
|
zibbs_project
|
zibbs
|
Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-23718
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210128
|
8.8 |
HIGH
Network
|
ayacms_project
|
ayacms
|
Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.
|
CWE-352
Origin Validation Error
|
CVE-2020-23686
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210129
|
9.8 |
CRITICAL
Network
|
vtimecn
|
188jianzhan
|
SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.
|
CWE-89
SQL Injection
|
CVE-2020-23685
|
2024-11-21 14:14 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210130
|
5.3 |
MEDIUM
Network
|
discourse
|
discourse
|
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-24327
|
2024-11-21 14:14 |
2021-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
