| 210601 | 7.5 | HIGH Network | easy-parse_project | easy-parse | easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | CWE-611 XXE | CVE-2020-26710 | 2024-11-21 14:20 | 2023-06-30 |
| 210602 | 4.9 | MEDIUM Network | phpgurukul | hospital_management_system | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization… | CWE-89 SQL Injection | CVE-2020-26630 | 2024-11-21 14:20 | 2024-01-10 |
| 210603 | 9.8 | CRITICAL Network | phpgurukul | hospital_management_system | A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-26629 | 2024-11-21 14:20 | 2024-01-10 |
| 210604 | 6.1 | MEDIUM Network | phpgurukul | hospital_management_system | A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to… | CWE-79 Cross-site Scripting | CVE-2020-26628 | 2024-11-21 14:20 | 2024-01-10 |
| 210605 | 4.9 | MEDIUM Network | phpgurukul | hospital_management_system | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remar… | CWE-89 SQL Injection | CVE-2020-26627 | 2024-11-21 14:20 | 2024-01-10 |
| 210606 | 3.8 | LOW Network | gilacms | gila_cms | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal. | CWE-89 SQL Injection | CVE-2020-26625 | 2024-11-21 14:20 | 2024-01-3 |
| 210607 | 3.8 | LOW Network | gilacms | gila_cms | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. | CWE-89 SQL Injection | CVE-2020-26624 | 2024-11-21 14:20 | 2024-01-3 |
| 210608 | 3.8 | LOW Network | gilacms | gila_cms | SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the lo… | CWE-89 SQL Injection | CVE-2020-26623 | 2024-11-21 14:20 | 2024-01-3 |
| 210609 | 7.5 | HIGH Network | ethernut | nut/os | An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attac… | CWE-330 Use of Insufficiently Random Values | CVE-2020-27213 | 2024-11-21 14:20 | 2023-10-11 |
| 210610 | 5.5 | MEDIUM Local | artifex | mupdf | A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information. | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2020-26683 | 2024-11-21 14:20 | 2023-08-23 |