Skip to main content
CVE-2020-26766 HIGH POC This Week

A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF User Registration Login And User Management System With Admin Panel
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-25917 HIGH POC This Week

Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Notouch Center
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-35715 HIGH POC This Week

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys Re6500 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-35714 HIGH POC This Week

Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys Re6500 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-35362 HIGH POC This Week

DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dext5Upload
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-35284 HIGH POC This Week

Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Flamingoim
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-35450 HIGH POC This Week

Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gobby
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-35359 HIGH POC This Week

Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pure Ftpd
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
4.7%
CVE-2020-35376 HIGH POC This Week

Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xpdf Fedora
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-35388 HIGH POC This Week

rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Xinhu
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-35716 HIGH POC This Week

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linksys Re6500 Firmware
NVD
CVSS 3.1
7.5
EPSS
3.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy