-
CVE-2020-20523
•
published on August 11, 2023
Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.
-
CVE-2020-23595
•
published on August 11, 2023
Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint.
-
CVE-2020-24075
•
published on August 11, 2023
Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.
-
CVE-2020-24187
•
published on August 11, 2023
An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference).
-
CVE-2020-24221
•
published on August 11, 2023
An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).
-
CVE-2020-24222
•
published on August 11, 2023
Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN.
-
CVE-2020-24950
•
published on August 11, 2023
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.
-
CVE-2020-24804
•
published on August 11, 2023
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs.
-
CVE-2020-24872
•
published on August 11, 2023
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.
-
CVE-2020-24904
•
published on August 11, 2023
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.
-
CVE-2020-24922
•
published on August 11, 2023
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.
-
CVE-2020-25915
•
published on August 11, 2023
Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login.
-
CVE-2020-27449
•
published on August 11, 2023
Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.
-
CVE-2020-27514
•
published on August 11, 2023
Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS).
-
CVE-2020-27544
•
published on August 11, 2023
An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py.
-
CVE-2020-28717
•
published on August 11, 2023
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.
-
CVE-2020-28848
•
published on August 11, 2023
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file.
-
CVE-2020-28849
•
published on August 11, 2023
Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.
-
CVE-2020-28840
•
published on August 11, 2023
Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).
-
CVE-2020-35139
•
published on August 11, 2023
An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).