Export limit exceeded: 363674 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363674 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363674 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19157 | 1 Wenkucms Project | 1 Wenkucms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'. | ||||
| CVE-2020-19156 | 1 Ari-soft | 1 Ari Adminer | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called. | ||||
| CVE-2020-19155 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 8.8 High |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. | ||||
| CVE-2020-19154 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 6.5 Medium |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'. | ||||
| CVE-2020-19151 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 8.8 High |
| Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'. | ||||
| CVE-2020-19150 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 8.1 High |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'. | ||||
| CVE-2020-19148 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'. | ||||
| CVE-2020-19147 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 6.5 Medium |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'. | ||||
| CVE-2020-19146 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 6.5 Medium |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'. | ||||
| CVE-2020-19144 | 3 Debian, Netapp, Simplesystems | 3 Debian Linux, Ontap Select Deploy Administration Utility, Libtiff | 2024-11-21 | 6.5 Medium |
| Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'. | ||||
| CVE-2020-19143 | 2 Debian, Simplesystems | 2 Debian Linux, Libtiff | 2024-11-21 | 6.5 Medium |
| Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'. | ||||
| CVE-2020-19142 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 9.8 Critical |
| iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php. | ||||
| CVE-2020-19138 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java". | ||||
| CVE-2020-19137 | 1 Autumn Project | 1 Autumn | 2024-11-21 | 7.5 High |
| Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10". | ||||
| CVE-2020-19131 | 3 Debian, Redhat, Simplesystems | 3 Debian Linux, Enterprise Linux, Libtiff | 2024-11-21 | 7.5 High |
| Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". | ||||
| CVE-2020-19118 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. | ||||
| CVE-2020-19114 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-19113 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution. | ||||
| CVE-2020-19112 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-19111 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information. | ||||