|
210651
|
9.8 |
CRITICAL
Network
|
webdesi9
|
file_manager
|
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to hav…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-25213
|
2024-11-21 14:17 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210652
|
7.0 |
HIGH
Local
|
linux
debian
opensuse
canonical
|
linux_kernel
debian_linux
leap
ubuntu_linux
|
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nf…
|
CWE-787
CWE-367
Out-of-bounds Write
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-25212
|
2024-11-21 14:17 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210653
|
6.0 |
MEDIUM
Local
|
linux
debian
fedoraproject
|
linux_kernel
debian_linux
fedora
|
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctn…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-25211
|
2024-11-21 14:17 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210654
|
7.8 |
HIGH
Local
|
gnupg
gpg4win
|
gnupg
gpg4win
|
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD pre…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-25125
|
2024-11-21 14:17 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210655
|
4.8 |
MEDIUM
Network
|
vbulletin
|
vbulletin
|
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25124
|
2024-11-21 14:17 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210656
|
4.8 |
MEDIUM
Network
|
vbulletin
|
vbulletin
|
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25123
|
2024-11-21 14:17 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210657
|
4.8 |
MEDIUM
Network
|
vbulletin
|
vbulletin
|
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25122
|
2024-11-21 14:17 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210658
|
4.8 |
MEDIUM
Network
|
vbulletin
|
vbulletin
|
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25121
|
2024-11-21 14:17 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210659
|
4.8 |
MEDIUM
Network
|
vbulletin
|
vbulletin
|
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25120
|
2024-11-21 14:17 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210660
|
4.8 |
MEDIUM
Network
|
vbulletin
|
vbulletin
|
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25119
|
2024-11-21 14:17 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
