Export limit exceeded: 364625 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364625 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9465 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 9.8 Critical |
| An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie. | ||||
| CVE-2020-9464 | 1 Beckhoff | 2 Bk9000, Bk9000 Firmware | 2024-11-21 | 7.5 High |
| A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. After an attack has occurred, the device's functionality can be restored by rebooting. | ||||
| CVE-2020-9463 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request. | ||||
| CVE-2020-9462 | 1 Homey | 4 Homey, Homey Firmware, Homey Pro and 1 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks. | ||||
| CVE-2020-9461 | 1 Octech | 1 Oempro | 2024-11-21 | 5.4 Medium |
| Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable. | ||||
| CVE-2020-9460 | 1 Octech | 1 Oempro | 2024-11-21 | 5.4 Medium |
| Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable. | ||||
| CVE-2020-9459 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 5.4 Medium |
| Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings. | ||||
| CVE-2020-9458 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 8.8 High |
| In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export. | ||||
| CVE-2020-9457 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 8.8 High |
| The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation. | ||||
| CVE-2020-9456 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 8.8 High |
| In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit. | ||||
| CVE-2020-9455 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 4.3 Medium |
| The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view. | ||||
| CVE-2020-9454 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 8.8 High |
| A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms. | ||||
| CVE-2020-9453 | 1 Epson | 1 Iprojection | 2024-11-21 | 5.5 Medium |
| In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU. | ||||
| CVE-2020-9452 | 1 Acronis | 1 True Image 2020 | 2024-11-21 | 7.8 High |
| An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API. | ||||
| CVE-2020-9451 | 1 Acronis | 1 True Image 2020 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a (not yet created) log file to anti_ransomware_service.exe. On reboot, this forces the anti_ransomware_service to try to write its log into its own process, crashing in a SHARING VIOLATION. This crash occurs on every reboot. | ||||
| CVE-2020-9450 | 1 Acronis | 1 True Image 2020 | 2024-11-21 | 7.8 High |
| An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious executable to the whitelist, or even exclude an entire drive from being monitored by anti_ransomware_service.exe. | ||||
| CVE-2020-9449 | 1 Justblab | 4 Blab\! Ax, Blab\! Ax Pro, Blab\! Ws and 1 more | 2024-11-21 | 8.8 High |
| An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin. | ||||
| CVE-2020-9447 | 1 Gwtupload Project | 1 Gwtupload | 2024-11-21 | 6.1 Medium |
| There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking. | ||||
| CVE-2020-9445 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 6.1 Medium |
| Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality. | ||||
| CVE-2020-9444 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 6.1 Medium |
| Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality. | ||||