|
211041
|
5.4 |
MEDIUM
Network
|
gilacms
|
gila_cms
|
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20695
|
2024-11-21 14:12 |
2021-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211042
|
8.8 |
HIGH
Network
|
gilacms
|
gila_cms
|
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
|
CWE-352
Origin Validation Error
|
CVE-2020-20693
|
2024-11-21 14:12 |
2021-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211043
|
7.2 |
HIGH
Network
|
gilacms
|
gila_cms
|
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
|
CWE-89
SQL Injection
|
CVE-2020-20692
|
2024-11-21 14:12 |
2021-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211044
|
6.5 |
MEDIUM
Network
|
monstra
|
monstra_cms
|
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-20691
|
2024-11-21 14:12 |
2021-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211045
|
8.1 |
HIGH
Network
|
maccms
|
maccms
|
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
|
CWE-352
Origin Validation Error
|
CVE-2020-20514
|
2024-11-21 14:12 |
2021-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211046
|
6.1 |
MEDIUM
Network
|
shopkit_project
|
shopkit
|
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail t…
|
CWE-79
Cross-site Scripting
|
CVE-2020-20508
|
2024-11-21 14:12 |
2021-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211047
|
7.5 |
HIGH
Network
|
redislabs
|
redis
|
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7
|
NVD-CWE-noinfo
|
CVE-2020-21468
|
2024-11-21 14:12 |
2021-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211048
|
6.5 |
MEDIUM
Network
|
ffmpeg
|
ffmpeg
|
A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that …
|
CWE-125
Out-of-bounds Read
|
CVE-2020-20902
|
2024-11-21 14:12 |
2021-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211049
|
8.8 |
HIGH
Network
|
ffmpeg
|
ffmpeg
|
Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-20898
|
2024-11-21 14:12 |
2021-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211050
|
8.8 |
HIGH
Network
|
ffmpeg
|
ffmpeg
|
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer derefe…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-20896
|
2024-11-21 14:12 |
2021-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
