|
210651
|
5.5 |
MEDIUM
Local
|
kuba_project
|
kuba
|
A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.
|
CWE-22
Path Traversal
|
CVE-2020-23172
|
2024-11-21 14:13 |
2021-08-11 |
|
210652
|
5.5 |
MEDIUM
Local
|
nim-lang
|
nim-lang
|
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the craft…
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2020-23171
|
2024-11-21 14:13 |
2021-08-11 |
|
210653
|
9.8 |
CRITICAL
Network
|
rconfig
|
rconfig
|
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.
|
CWE-78
OS Command
|
CVE-2020-23151
|
2024-11-21 14:13 |
2021-08-10 |
|
210654
|
7.5 |
HIGH
Network
|
rconfig
|
rconfig
|
A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.
|
CWE-89
SQL Injection
|
CVE-2020-23150
|
2024-11-21 14:13 |
2021-08-10 |
|
210655
|
7.5 |
HIGH
Network
|
rconfig
|
rconfig
|
The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information.
|
CWE-89
SQL Injection
|
CVE-2020-23149
|
2024-11-21 14:13 |
2021-08-10 |
|
210656
|
7.5 |
HIGH
Network
|
rconfig
|
rconfig
|
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform an LDAP injection and obtain sensitive information via a crafted POST request.
|
CWE-74
Injection
|
CVE-2020-23148
|
2024-11-21 14:13 |
2021-08-10 |
|
210657
|
6.1 |
MEDIUM
Network
|
intelliants
|
subrion
|
Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-22330
|
2024-11-21 14:13 |
2021-08-6 |
|
210658
|
5.4 |
MEDIUM
Network
|
intelliants
|
subrion_cms
|
Cross-Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-22392
|
2024-11-21 14:13 |
2021-08-6 |
|
210659
|
4.8 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > File Picker.
|
CWE-79
Cross-site Scripting
|
CVE-2020-22732
|
2024-11-21 14:13 |
2021-08-6 |
|
210660
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-22352
|
2024-11-21 14:13 |
2021-08-5 |
|