Total: 315269 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26045 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |||||
| CVE-2020-26043 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Hoosk CMS v1.8.0. There is an XSS vulnerability in install/index.php. | |||||
| CVE-2020-26042 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php. | |||||
| CVE-2020-26041 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Hoosk CMS v1.8.0. There is a Remote Code Execution vulnerability in install/index.php. | |||||
| CVE-2020-26037 | 1 Evenbalance | 1 Punkbuster | 2024-11-21 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability in Server functionality in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. | |||||
| CVE-2020-26035 | 1 Zammad | 1 Zammad | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a Ticket. | |||||
| CVE-2020-26034 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user. | |||||
| CVE-2020-26033 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check. | |||||
| CVE-2020-26032 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems. | |||||
| CVE-2020-26031 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions). | |||||
| CVE-2020-26030 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users. | |||||
| CVE-2020-26029 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header. | |||||
| CVE-2020-26028 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets. | |||||
| CVE-2020-26008 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2020-26007 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2020-26006 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php. | |||||
| CVE-2020-25990 | 1 Websitebaker | 1 Websitebaker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |||||
| CVE-2020-25989 | 1 Pritunl | 1 Pritunl-client-electron | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the affected system with root privileges. | |||||
| CVE-2020-25988 | 1 Genexis | 2 Platinum 4410, Platinum 4410 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent. | |||||
| CVE-2020-25987 | 1 Monocms | 1 Monocms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash. | |||||
