Export limit exceeded: 364271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364271 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8519 | 1 Phpzag | 1 Phpzag | 2024-11-21 | 9.8 Critical |
| SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql | ||||
| CVE-2020-8518 | 3 Debian, Fedoraproject, Horde | 3 Debian Linux, Fedora, Groupware | 2024-11-21 | 9.8 Critical |
| Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | ||||
| CVE-2020-8517 | 3 Canonical, Opensuse, Squid-cache | 3 Ubuntu Linux, Leap, Squid | 2024-11-21 | 7.5 High |
| An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. | ||||
| CVE-2020-8516 | 1 Torproject | 1 Tor | 2024-11-21 | 5.3 Medium |
| The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability | ||||
| CVE-2020-8514 | 2 Apple, Maxum | 2 Macos, Rumpus | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality. | ||||
| CVE-2020-8512 | 1 Icewarp | 1 Icewarp Server | 2024-11-21 | 6.1 Medium |
| In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. | ||||
| CVE-2020-8511 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 7.2 High |
| In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. | ||||
| CVE-2020-8510 | 1 Phpabook Project | 1 Phpabook | 2024-11-21 | 9.8 Critical |
| An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password. | ||||
| CVE-2020-8509 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 High |
| Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. | ||||
| CVE-2020-8508 | 1 Norman | 1 Malware Cleaner | 2024-11-21 | 9.8 Critical |
| nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled. | ||||
| CVE-2020-8507 | 1 Rogersmedia | 1 Citytv Video | 2024-11-21 | 7.5 High |
| The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. | ||||
| CVE-2020-8506 | 1 Corusent | 1 Global Tv | 2024-11-21 | 5.3 Medium |
| The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics. | ||||
| CVE-2020-8505 | 1 Arox | 1 School Management Software Php\/mysql | 2024-11-21 | 6.5 Medium |
| School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. | ||||
| CVE-2020-8504 | 1 Arox | 1 School Management Software Php\/mysql | 2024-11-21 | 6.5 Medium |
| School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. | ||||
| CVE-2020-8503 | 1 Biscom | 1 Secure File Transfer | 2024-11-21 | 6.5 Medium |
| Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004. | ||||
| CVE-2020-8500 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 7.2 High |
| In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality | ||||
| CVE-2020-8498 | 1 Gistpress Project | 1 Gistpress | 2024-11-21 | 5.4 Medium |
| XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability). | ||||
| CVE-2020-8497 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 5.3 Medium |
| In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps. | ||||
| CVE-2020-8496 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 4.8 Medium |
| In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator. | ||||
| CVE-2020-8495 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 7.5 High |
| In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters. | ||||