|
210051
|
8.8 |
HIGH
Network
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql_project
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql
|
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28688
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210052
|
8.8 |
HIGH
Network
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql_project
|
artworks_gallery_in_php\
_css\
_javascript\
_and_mysql
|
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28687
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210053
|
5.4 |
MEDIUM
Network
|
progress
|
moveit_transfer
|
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, …
|
CWE-79
Cross-site Scripting
|
CVE-2020-28647
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210054
|
8.8 |
HIGH
Network
|
horizontcms_project
|
horizontcms
|
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28693
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210055
|
7.2 |
HIGH
Network
|
gilacms
|
gila_cms
|
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28692
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210056
|
7.5 |
HIGH
Network
|
cloudavid
|
pparam
|
Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-28723
|
2024-11-21 14:23 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210057
|
6.8 |
MEDIUM
Physics
|
vw
|
polo_firmware
|
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a me…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2020-28656
|
2024-11-21 14:23 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210058
|
5.4 |
MEDIUM
Network
|
wpbakery
|
page_builder
|
The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28650
|
2024-11-21 14:23 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210059
|
8.8 |
HIGH
Network
|
orbisius
|
child_theme_creator
|
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.
|
CWE-352
Origin Validation Error
|
CVE-2020-28649
|
2024-11-21 14:23 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210060
|
8.8 |
HIGH
Network
|
nagios
|
nagios_xi
|
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
|
CWE-20
Improper Input Validation
|
CVE-2020-28648
|
2024-11-21 14:23 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
