Total: 315274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26051 | 1 College Management System Project | 1 College Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page via the POST parameters 'unametxt' and 'pwdtxt', which are not filtered before being passed to a SQL query. | |||||
| CVE-2020-26050 | 1 Safervpn | 1 Safervpn | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-2019-12572. | |||||
| CVE-2020-26049 | 1 Niftypm | 1 Nifty-pm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution. | |||||
| CVE-2020-26048 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file with an image extension and then, through a custom request using the rename function provided by the file manager, change the image extension to PHP, resulting in remote arbitrary code execution. | |||||
| CVE-2020-26046 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors. | |||||
| CVE-2020-26045 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |||||
| CVE-2020-26043 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Hoosk CMS v1.8.0. There is an XSS vulnerability in install/index.php | |||||
| CVE-2020-26042 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php | |||||
| CVE-2020-26041 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Hoosk CMS v1.8.0. There is a Remote Code Execution vulnerability in install/index.php | |||||
| CVE-2020-26037 | 1 Evenbalance | 1 Punkbuster | 2024-11-21 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability in Server functionality in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. | |||||
| CVE-2020-26035 | 1 Zammad | 1 Zammad | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a Ticket. | |||||
| CVE-2020-26034 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user. | |||||
| CVE-2020-26033 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check. | |||||
| CVE-2020-26032 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems. | |||||
| CVE-2020-26031 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions). | |||||
| CVE-2020-26030 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users. | |||||
| CVE-2020-26029 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header. | |||||
| CVE-2020-26028 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets. | |||||
| CVE-2020-26008 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2020-26007 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
