Export limit exceeded: 363449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363449 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-21131 1 Metinfo 1 Metinfo 2024-11-21 7.2 High
SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.
CVE-2020-21130 1 Hisiphp 1 Hisiphp 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html.
CVE-2020-21127 1 Metinfo 1 Metinfo 2024-11-21 9.8 Critical
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
CVE-2020-21126 1 Metinfo 1 Metinfo 2024-11-21 8.8 High
MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
CVE-2020-21125 1 Ureport Project 1 Ureport 2024-11-21 9.8 Critical
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
CVE-2020-21124 1 Ureport Project 1 Ureport 2024-11-21 9.8 Critical
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
CVE-2020-21122 1 Ureport Project 1 Ureport 2024-11-21 5.3 Medium
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
CVE-2020-21121 1 Kliqqi 1 Kliqqi Cms 2024-11-21 9.8 Critical
Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.
CVE-2020-21101 1 Screenly 1 Screenly 2024-11-21 5.4 Medium
Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code.
CVE-2020-21088 1 X2engine 1 X2crm 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"
CVE-2020-21087 1 X2engine 1 X2crm 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool.
CVE-2020-21082 1 Maccms 1 Maccms 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.
CVE-2020-21081 1 Maccms 1 Maccms 2024-11-21 6.5 Medium
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
CVE-2020-21066 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aac.
CVE-2020-21057 1 Fusionpbx 1 Fusionpbx 2024-11-21 8.1 High
Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.
CVE-2020-21056 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.3 Medium
Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php.
CVE-2020-21055 1 Fusionpbx 1 Fusionpbx 2024-11-21 6.5 Medium
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
CVE-2020-21054 1 Fusionpbx 1 Fusionpbx 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
CVE-2020-21053 1 Fusionpbx 1 Fusionpbx 2024-11-21 6.1 Medium
Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.
CVE-2020-21047 1 Elfutils Project 1 Elfutils 2024-11-21 5.5 Medium
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.