|
210931
|
7.8 |
HIGH
Local
|
ui
|
unifi_video
|
In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code o…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-24755
|
2024-11-21 14:16 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210932
|
5.4 |
MEDIUM
Network
|
cmswing
|
cmswing
|
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24993
|
2024-11-21 14:16 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210933
|
5.4 |
MEDIUM
Network
|
cmswing
|
cmswing
|
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24992
|
2024-11-21 14:16 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210934
|
9.8 |
CRITICAL
Network
|
ambarella
|
oryx_rtsp_server
|
A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to exec…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-24918
|
2024-11-21 14:16 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210935
|
7.8 |
HIGH
Local
|
ffmpeg
|
ffmpeg
|
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-24995
|
2024-11-21 14:16 |
2021-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210936
|
8.8 |
HIGH
Network
|
libass_project
|
libass
|
Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-24994
|
2024-11-21 14:16 |
2021-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210937
|
8.1 |
HIGH
Network
|
quadbase
|
espressdashboard
|
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrie…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2020-24985
|
2024-11-21 14:16 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210938
|
4.3 |
MEDIUM
Network
|
quadbase
|
espressdashboard
|
An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their ac…
|
CWE-352
Origin Validation Error
|
CVE-2020-24982
|
2024-11-21 14:16 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210939
|
9.8 |
CRITICAL
Network
|
zzzcms
|
zzzphp
|
A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.
|
CWE-89
SQL Injection
|
CVE-2020-24877
|
2024-11-21 14:16 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210940
|
8.8 |
HIGH
Network
|
quadbase
|
espressreports_es
|
An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web …
|
CWE-352
Origin Validation Error
|
CVE-2020-24984
|
2024-11-21 14:16 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
