CVE-2020-35269 (nagios_core)
There is a Cross Site Request Forgery (CSRF) vulnerability in Nagios Core 4.2.4.
Source: CVE-2020-35269 (nagios_core)
CVE-2020-35370 (raysync)
An RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated, unauthorized attacker who sends a specifically crafted request to override a specific file on the server with malicious content can log in as "admin", then modify a specific shell file to achieve remote code execution (RCE) on the hosting server.
Source: CVE-2020-35370 (raysync)
CVE-2020-28074
SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin.
Source: CVE-2020-28074
CVE-2020-28071
SourceCodester Alumni Management System 1.0 is affected by Cross-Site Scripting (XSS) in /admin/gallery.php. After admin authentication, an attacker can upload an image to the gallery using an XSS payload in the description textarea called ‘about’ and achieve a stored XSS.
Source: CVE-2020-28071
CVE-2020-28073
SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system.
Source: CVE-2020-28073
CVE-2020-27397
Marital – Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting web server by uploading a maliciously crafted PHP file.
Source: CVE-2020-27397
CVE-2020-13969
CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on the ‘CRK’, ‘IDContratante’, ‘Erro’, or ‘Mod’ parameter. This is path-independent.
Source: CVE-2020-13969
CVE-2020-28070
SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the ‘id’ parameter.
Source: CVE-2020-28070
CVE-2020-13968
CRK Business Platform <= 2019.1 allows an attacker to inject SQL statements against the DB on any path using the ‘strSessao’ parameter.
Source: CVE-2020-13968
CVE-2020-4642
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to cause a denial of service inside the "DB2 Management Service".
Source: CVE-2020-4642