|
208911
|
9.8 |
CRITICAL
Network
|
terra-master
|
tos
|
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to…
|
CWE-22
Path Traversal
|
CVE-2020-28187
|
2024-11-21 14:22 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208912
|
7.3 |
HIGH
Network
|
terra-master
|
tos
|
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2020-28186
|
2024-11-21 14:22 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208913
|
5.3 |
MEDIUM
Network
|
terra-master
|
tos
|
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.
|
NVD-CWE-noinfo
|
CVE-2020-28185
|
2024-11-21 14:22 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208914
|
5.4 |
MEDIUM
Network
|
terra-master
|
tos
|
Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28184
|
2024-11-21 14:22 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208915
|
7.0 |
HIGH
Local
|
td-agent-builder_project
debian
|
td-agent-builder
debian_linux
|
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SY…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-28169
|
2024-11-21 14:22 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208916
|
9.8 |
CRITICAL
Network
|
online_health_care_system_project
|
online_health_care_system
|
SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin.
|
CWE-89
SQL Injection
|
CVE-2020-28074
|
2024-11-21 14:22 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208917
|
9.8 |
CRITICAL
Network
|
library_management_system_project
|
library_management_system
|
SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system.
|
CWE-89
SQL Injection
|
CVE-2020-28073
|
2024-11-21 14:22 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208918
|
4.8 |
MEDIUM
Network
|
alumni_management_system_project
|
alumni_management_system
|
SourceCodester Alumni Management System 1.0 is affected by cross-site Scripting (XSS) in /admin/gallery.php. After the admin authentication an attacker can upload an image in the gallery using a XSS …
|
CWE-79
Cross-site Scripting
|
CVE-2020-28071
|
2024-11-21 14:22 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208919
|
9.8 |
CRITICAL
Network
|
alumni_management_system_project
|
alumni_management_system
|
SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter.
|
CWE-89
SQL Injection
|
CVE-2020-28070
|
2024-11-21 14:22 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208920
|
8.1 |
HIGH
Network
|
multi-ini_project
|
multi-ini
|
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-28460
|
2024-11-21 14:22 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
