|
211131
|
6.1 |
MEDIUM
Network
|
chronoengine
|
chronoforums
|
Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27459
|
2024-11-21 14:21 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211132
|
8.8 |
HIGH
Network
|
flexdotnetcms_project
|
flexdotnetcms
|
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g.,…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-27386
|
2024-11-21 14:21 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211133
|
8.1 |
HIGH
Network
|
flexdotnetcms_project
|
flexdotnetcms
|
Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root.…
|
CWE-22
Path Traversal
|
CVE-2020-27385
|
2024-11-21 14:21 |
2020-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211134
|
9.8 |
CRITICAL
Network
|
goodlayers
|
good_learning_management_system
|
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to…
|
CWE-89
SQL Injection
|
CVE-2020-27481
|
2024-11-21 14:21 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211135
|
7.1 |
HIGH
Adjacent
|
audi
|
mmi_multiplayer
|
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory con…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-27524
|
2024-11-21 14:21 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211136
|
7.5 |
HIGH
Network
|
mersive
|
solstice_pod_firmware
|
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authenticatio…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-27523
|
2024-11-21 14:21 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211137
|
6.5 |
MEDIUM
Adjacent
|
tcl
|
32s330_firmware
40s330_firmware
43s434_firmware
50s434_firmware
55s434_firmware
65s434_firmware
75s434_firmware
|
A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to ar…
|
CWE-200
Information Exposure
|
CVE-2020-27403
|
2024-11-21 14:21 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211138
|
8.8 |
HIGH
Network
|
trendmicro
|
interscan_messaging_security_virtual_appliance
|
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack.
|
NVD-CWE-noinfo
|
CVE-2020-27694
|
2024-11-21 14:21 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211139
|
4.4 |
MEDIUM
Local
|
trendmicro
|
interscan_messaging_security_virtual_appliance
|
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2020-27693
|
2024-11-21 14:21 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211140
|
7.5 |
HIGH
Network
|
synopsys
|
hub-rest-api-python
|
Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-27589
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
