|
210941
|
8.8 |
HIGH
Network
|
quadbase
|
espressreports_es
|
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the targe…
|
CWE-352
Origin Validation Error
|
CVE-2020-24983
|
2024-11-21 14:16 |
2021-03-12 |
|
210942
|
9.8 |
CRITICAL
Network
|
thedaylightstudio
|
fuel_cms
|
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or expl…
|
CWE-89
SQL Injection
|
CVE-2020-24791
|
2024-11-21 14:16 |
2021-03-10 |
|
210943
|
9.8 |
CRITICAL
Network
|
qcubed
|
qcubed
|
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to exec…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-24914
|
2024-11-21 14:16 |
2021-03-4 |
|
210944
|
9.8 |
CRITICAL
Network
|
qcubed
|
qcubed
|
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a …
|
CWE-89
SQL Injection
|
CVE-2020-24913
|
2024-11-21 14:16 |
2021-03-4 |
|
210945
|
6.1 |
MEDIUM
Network
|
qcubed
|
qcubed
|
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authentica…
|
CWE-79
Cross-site Scripting
|
CVE-2020-24912
|
2024-11-21 14:16 |
2021-03-4 |
|
210946
|
7.8 |
HIGH
Local
|
checkmk
|
checkmk
|
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
|
NVD-CWE-Other
|
CVE-2020-24908
|
2024-11-21 14:16 |
2021-02-19 |
|
210947
|
9.8 |
CRITICAL
Network
|
sdg
|
pnpscada
|
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit late…
|
CWE-89
SQL Injection
|
CVE-2020-24841
|
2024-11-21 14:16 |
2021-02-16 |
|
210948
|
8.8 |
HIGH
Network
|
nagios
|
nagios_xi
|
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.
|
CWE-78
OS Command
|
CVE-2020-24899
|
2024-11-21 14:16 |
2021-02-16 |
|
210949
|
6.1 |
MEDIUM
Network
|
sdgc
|
pnpscada
|
PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24842
|
2024-11-21 14:16 |
2021-02-11 |
|
210950
|
7.5 |
HIGH
Network
|
issuer_project
|
issuer
|
An integer overflow has been found in the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-24838
|
2024-11-21 14:16 |
2021-02-11 |
|