Skip to main content
CVE-2020-29600 CRITICAL POC Act Now

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Awstats Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-29597 CRITICAL POC THREAT Act Now

IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Incomcms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
71.0%
CVE-2020-29595 CRITICAL POC Act Now

PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Photo Studio 2021
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-5800 CRITICAL POC Act Now

The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Apple Eat Spray Love
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-5799 CRITICAL POC Act Now

The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Apple Eat Spray Love
NVD
CVSS 3.1
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy