Export limit exceeded: 364514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364514 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-9382 1 Widgets Project 1 Widgets 2024-11-21 5.4 Medium
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.
CVE-2020-9381 1 Totaljs 1 Total.js Cms 2024-11-21 7.5 High
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.
CVE-2020-9380 1 Whmcssmarters 1 Web Tv Player 2024-11-21 9.8 Critical
IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script.
CVE-2020-9379 1 Mitel 1 Micontact Center Business 2024-11-21 6.5 Medium
The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations.
CVE-2020-9376 1 Dlink 2 Dir-610, Dir-610 Firmware 2024-11-21 7.5 High
D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-9374 1 Tp-link 2 Tl-wr849n, Tl-wr849n Firmware 2024-11-21 9.8 Critical
On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.
CVE-2020-9372 1 Codepeople 1 Appointment Booking Calendar 2024-11-21 7.8 High
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection.
CVE-2020-9371 1 Codepeople 1 Appointment Booking Calendar 2024-11-21 4.8 Medium
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
CVE-2020-9370 1 Humaxdigital 2 Hga12r-02, Hga12r-02 Firmware 2024-11-21 9.1 Critical
HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking.
CVE-2020-9369 3 Debian, Fedoraproject, Sympa 3 Debian Linux, Fedora, Sympa 2024-11-21 7.5 High
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
CVE-2020-9368 1 Oleacorner 1 Olea Gift On Order 2024-11-21 7.5 High
The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal.
CVE-2020-9367 1 Zohocorp 1 Manageengine Desktop Central 2024-11-21 7.8 High
The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM.
CVE-2020-9366 1 Gnu 1 Screen 2024-11-21 9.8 Critical
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.
CVE-2020-9365 2 Fedoraproject, Pureftpd 2 Fedora, Pure-ftpd 2024-11-21 7.5 High
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
CVE-2020-9364 1 Creative-solutions 1 Creative Contact Form 2024-11-21 5.3 Medium
An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email.
CVE-2020-9363 1 Sophos 6 Cloud Optix, Endpoint Protection, Intercept X Endpoint and 3 more 2024-11-21 7.8 High
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.
CVE-2020-9362 1 Quickheal 6 Antivirus For Server, Antivirus Pro, Home Security and 3 more 2024-11-21 7.8 High
The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android.
CVE-2020-9361 1 Cryptopro 1 Csp 2024-11-21 5.5 Medium
CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation.
CVE-2020-9359 4 Debian, Fedoraproject, Kde and 1 more 4 Debian Linux, Fedora, Okular and 1 more 2024-11-21 5.3 Medium
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
CVE-2020-9355 2 Debian, Networkmanager-ssh Project 2 Debian Linux, Networkmanager-ssh 2024-11-21 9.8 Critical
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.