|
208941
|
6.1 |
MEDIUM
Network
|
dart
|
http
|
An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP…
|
CWE-74
Injection
|
CVE-2020-35669
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208942
|
4.8 |
MEDIUM
Network
|
bigprof
|
online_invoicing_system
|
BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. …
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2020-35677
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208943
|
6.1 |
MEDIUM
Network
|
bigprof
|
online_invoicing_system
|
BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35676
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208944
|
7.5 |
HIGH
Network
|
redislabs
|
redisgraph
|
RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-35668
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208945
|
8.8 |
HIGH
Network
|
steedos
|
steedos
|
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoD…
|
CWE-89
SQL Injection
|
CVE-2020-35666
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208946
|
9.8 |
CRITICAL
Network
|
terra-master
|
terramaster_operating_system
|
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
|
CWE-78
OS Command
|
CVE-2020-35665
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208947
|
7.5 |
HIGH
Network
|
advanced_comment_system_project
|
advanced_comment_system
|
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623
|
CWE-22
Path Traversal
|
CVE-2020-35598
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208948
|
8.8 |
HIGH
Network
|
raysync
|
raysync
|
A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can…
|
CWE-22
Path Traversal
|
CVE-2020-35370
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208949
|
8.8 |
HIGH
Network
|
nagios
|
nagios_core
|
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.
|
CWE-352
Origin Validation Error
|
CVE-2020-35269
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208950
|
6.1 |
MEDIUM
Network
|
egavilanmedia
|
user_registration_and_login_system_with_admin_panel
|
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35252
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
