CVE-2020-35244
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.
Source: CVE-2020-35244
CVE-2020-28759
** DISPUTED ** The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don’t think there is a proof of overflow so far."
Source: CVE-2020-28759
CVE-2020-35364
Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot.
Source: CVE-2020-35364
CVE-2020-35362
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value).
Source: CVE-2020-35362
CVE-2020-35284
Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product’s source code is available.
Source: CVE-2020-35284
CVE-2020-35450
Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls.
Source: CVE-2020-35450
CVE-2020-35359
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.
Source: CVE-2020-35359
CVE-2020-35349
Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page).
Source: CVE-2020-35349
CVE-2020-35347
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.
Source: CVE-2020-35347
CVE-2020-35376
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.
Source: CVE-2020-35376