Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367102 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35359 | 1 Pureftpd | 1 Pure-ftpd | 2024-11-21 | 7.5 High |
| Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit. | ||||
| CVE-2020-35358 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 9.8 Critical |
| DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality. | ||||
| CVE-2020-35349 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2024-11-21 | 4.8 Medium |
| Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page). | ||||
| CVE-2020-35347 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 6.5 Medium |
| CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. | ||||
| CVE-2020-35346 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 4.8 Medium |
| CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. | ||||
| CVE-2020-35342 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.5 High |
| GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. | ||||
| CVE-2020-35340 | 1 Expertpdf | 1 Expertpdf | 2024-11-21 | 7.5 High |
| A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. | ||||
| CVE-2020-35339 | 1 74cms | 1 74cms | 2024-11-21 | 9.8 Critical |
| In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. | ||||
| CVE-2020-35338 | 1 Mobileviewpoint | 1 Wireless Multiplex Terminal Playout Server | 2024-11-21 | 9.8 Critical |
| The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon." | ||||
| CVE-2020-35337 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 9.8 Critical |
| ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2020-35329 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 6.5 Medium |
| Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '. | ||||
| CVE-2020-35328 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 5.4 Medium |
| Courier Management System 1.0 - 'First Name' Stored XSS | ||||
| CVE-2020-35327 | 1 Courier Management System Project | 1 Courier Management System | 2024-11-21 | 6.5 Medium |
| SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php | ||||
| CVE-2020-35314 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | ||||
| CVE-2020-35313 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 9.8 Critical |
| A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | ||||
| CVE-2020-35309 | 1 Bakeshop Online Ordering System Project | 1 Bakeshop Online Ordering System | 2024-11-21 | 4.8 Medium |
| Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories". | ||||
| CVE-2020-35308 | 1 Conquest Dicom Server Project | 1 Conquest Dicom Server | 2024-11-21 | 9.8 Critical |
| CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code. | ||||
| CVE-2020-35305 | 1 Gollum Project | 1 Gollum | 2024-11-21 | 6.1 Medium |
| Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. | ||||
| CVE-2020-35296 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | 7.5 High |
| ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access. | ||||
| CVE-2020-35284 | 1 Flamingoim Project | 1 Flamingoim | 2024-11-21 | 7.5 High |
| Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available. | ||||