|
209081
|
5.4 |
MEDIUM
Network
|
genexis
|
platinum-4410_firmware
|
Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged us…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27980
|
2024-11-21 14:22 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209082
|
7.5 |
HIGH
Network
|
shibboleth
|
identity_provider
|
Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-27978
|
2024-11-21 14:22 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209083
|
9.8 |
CRITICAL
Network
|
oscommerce
|
oscommerce
|
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the s…
|
CWE-78
OS Command
|
CVE-2020-27976
|
2024-11-21 14:22 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209084
|
8.8 |
HIGH
Network
|
oscommerce
|
oscommerce
|
osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2020-27975
|
2024-11-21 14:22 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209085
|
6.1 |
MEDIUM
Network
|
quadient
|
mail_accounting
|
NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27974
|
2024-11-21 14:22 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209086
|
5.4 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles coul…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27957
|
2024-11-21 14:22 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209087
|
9.8 |
CRITICAL
Network
|
car_rental_management_system_project
|
car_rental_management_system
|
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-27956
|
2024-11-21 14:22 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209088
|
- |
|
-
|
-
|
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and …
|
-
|
CVE-2020-27352
|
2024-11-21 14:21 |
2024-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209089
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code v…
|
-
|
CVE-2020-27478
|
2024-11-21 14:21 |
2024-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209090
|
9.8 |
CRITICAL
Network
|
silabs
|
uc\/tcp-ip
|
In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-27630
|
2024-11-21 14:21 |
2023-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
