|
209731
|
7.8 |
HIGH
Local
|
matthiaswandel
|
jhead
|
Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-28840
|
2024-11-21 14:23 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209732
|
6.1 |
MEDIUM
Network
|
kindsoft
|
kindeditor
|
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28717
|
2024-11-21 14:23 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209733
|
9.8 |
CRITICAL
Network
|
mediawiki
|
score
|
The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit artic…
|
CWE-94
Code Injection
|
CVE-2020-29007
|
2024-11-21 14:23 |
2023-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209734
|
9.8 |
CRITICAL
Network
|
zend
|
zend_framework
|
An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and inc…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-29312
|
2024-11-21 14:23 |
2023-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209735
|
9.8 |
CRITICAL
Network
|
online_doctor_appointment_booking_system_php_and_mysql_project
|
online_doctor_appointment_booking_system_php_and_mysql
|
SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint.
|
CWE-89
SQL Injection
|
CVE-2020-29168
|
2024-11-21 14:23 |
2023-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209736
|
9.8 |
CRITICAL
Network
|
online_food_ordering_system_project
|
online_food_ordering_system
|
Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0.
|
CWE-89
SQL Injection
|
CVE-2020-29297
|
2024-11-21 14:23 |
2023-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209737
|
7.5 |
HIGH
Network
|
libvncserver_project
debian
|
libvncserver
debian_linux
|
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-29260
|
2024-11-21 14:23 |
2022-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209738
|
7.5 |
HIGH
Network
|
powerjob
|
powerjob
|
An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-28865
|
2024-11-21 14:23 |
2022-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209739
|
8.8 |
HIGH
Network
|
cgal
debian
|
computational_geometry_algorithms_library
debian_linux
|
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu…
|
-
|
CVE-2020-28635
|
2024-11-21 14:23 |
2022-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209740
|
8.8 |
HIGH
Network
|
cgal
debian
|
computational_geometry_algorithms_library
debian_linux
|
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confu…
|
-
|
CVE-2020-28634
|
2024-11-21 14:23 |
2022-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
