Total: 314928 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25926 | 1 Hcc-embedded | 1 Nichestack Tcp/ip | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet. | |||||
| CVE-2020-25925 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Webmail Calendar in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | |||||
| CVE-2020-25917 | 1 Stratodesk | 1 Notouch Center | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with "helpdesk" privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser.do page. | |||||
| CVE-2020-25915 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login. | |||||
| CVE-2020-25912 | 1 Getsymphony | 1 Symphony | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS). | |||||
| CVE-2020-25911 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS). | |||||
| CVE-2020-25905 | 1 Mobile Shop System Project | 1 Mobile Shop System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php. | |||||
| CVE-2020-25902 | 1 Blackboard | 1 Collaborate Ultra | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class. NOTE: Third-parties dispute the validity of this entry as a possible false positive during research. | |||||
| CVE-2020-25901 | 1 Spiceworks | 1 Spiceworks | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. | |||||
| CVE-2020-25890 | 1 Kyocera | 2 Ecosys M2640idw, Ecosys M2640idw Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web application of Kyocera printer (ECOSYS M2640IDW) is affected by a Stored XSS vulnerability, discovered in the addition of a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | |||||
| CVE-2020-25889 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege. | |||||
| CVE-2020-25887 | | | 2024-11-21 | N/A | 8.8 HIGH |
| Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. | |||||
| CVE-2020-25881 | 1 Ranko | 1 Rkcms | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file. | |||||
| CVE-2020-25879 | 1 Codologic | 1 Codoforum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter. | |||||
| CVE-2020-25878 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. | |||||
| CVE-2020-25877 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | |||||
| CVE-2020-25876 | 1 Codologic | 1 Codoforum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter. | |||||
| CVE-2020-25875 | 1 Codologic | 1 Codoforum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter. | |||||
| CVE-2020-25873 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter. | |||||
| CVE-2020-25872 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter. | |||||
