|
210851
|
2.3 |
LOW
Local
|
gigamon
|
gigavue-os
|
GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-23250
|
2024-11-21 14:13 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210852
|
4.7 |
MEDIUM
Network
|
gigamon
|
gigavue-os
|
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-23249
|
2024-11-21 14:13 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210853
|
7.5 |
HIGH
Network
|
veno_file_manager_project
|
veno_file_manager
|
Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server.
|
CWE-22
Path Traversal
|
CVE-2020-22550
|
2024-11-21 14:13 |
2021-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210854
|
9.8 |
CRITICAL
Network
|
jsonpickle_project
|
jsonpickle
|
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documente…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-22083
|
2024-11-21 14:13 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210855
|
7.2 |
HIGH
Network
|
txjia
|
imcat
|
imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-23520
|
2024-11-21 14:13 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210856
|
6.1 |
MEDIUM
Network
|
yzmcms
|
yzmcms
|
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-22394
|
2024-11-21 14:13 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210857
|
6.1 |
MEDIUM
Network
|
ljcmsshop_project
|
ljcmsshop
|
A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by regi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-22723
|
2024-11-21 14:13 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210858
|
7.5 |
HIGH
Network
|
wwbn
|
avideo
|
There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak d…
|
NVD-CWE-noinfo
|
CVE-2020-23490
|
2024-11-21 14:13 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210859
|
8.8 |
HIGH
Network
|
wwbn
|
avideo
|
The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in plac…
|
CWE-862
Missing Authorization
|
CVE-2020-23489
|
2024-11-21 14:13 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210860
|
8.1 |
HIGH
Network
|
microweber
|
microweber
|
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session doe…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-23140
|
2024-11-21 14:13 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
