|
210321
|
6.5 |
MEDIUM
Network
|
seacms
|
seacms
|
Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.
|
CWE-352
Origin Validation Error
|
CVE-2020-28846
|
2024-11-21 14:23 |
2021-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210322
|
8.8 |
HIGH
Network
|
fortinet
|
fortisandbox
|
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execut…
|
CWE-89
SQL Injection
|
CVE-2020-29011
|
2024-11-21 14:23 |
2021-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210323
|
7.8 |
HIGH
Local
|
raonwiz
|
raon_k_editor
|
An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-29157
|
2024-11-21 14:23 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210324
|
7.5 |
HIGH
Network
|
wayang-cms_project
|
wayang-cms
|
A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information.
|
CWE-89
SQL Injection
|
CVE-2020-29147
|
2024-11-21 14:23 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210325
|
6.1 |
MEDIUM
Network
|
wayang-cms_project
|
wayang-cms
|
A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For fi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29146
|
2024-11-21 14:23 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210326
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortisandbox
|
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system…
|
CWE-362
Race Condition
|
CVE-2020-29014
|
2024-11-21 14:23 |
2021-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210327
|
5.4 |
MEDIUM
Network
|
razormist
|
employee_management_system
|
A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29215
|
2024-11-21 14:23 |
2021-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210328
|
9.8 |
CRITICAL
Network
|
alumni_management_system_project
|
alumni_management_system
|
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php.
|
CWE-89
SQL Injection
|
CVE-2020-29214
|
2024-11-21 14:23 |
2021-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210329
|
6.5 |
MEDIUM
Network
|
nightowlsp
|
smart_doorbell_firmware
|
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-28713
|
2024-11-21 14:23 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210330
|
7.5 |
HIGH
Network
|
dlink
|
dir-895l_mfc_firmware
|
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmw…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-29324
|
2024-11-21 14:23 |
2021-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
