Total
317551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11555 | 1 Castlerock | 1 Snmpc Online | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files. | |||||
| CVE-2020-11554 | 1 Castlerock | 1 Snmpc Online | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4. | |||||
| CVE-2020-11553 | 1 Castlerock | 1 Snmpc Online | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF. | |||||
| CVE-2020-11552 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as a SYSTEM. | |||||
| CVE-2020-11551 | 1 Netgear | 6 Rbs50y, Rbs50y Firmware, Srr60 and 3 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc. | |||||
| CVE-2020-11550 | 1 Netgear | 6 Rbs50y, Rbs50y Firmware, Srr60 and 3 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK). | |||||
| CVE-2020-11549 | 1 Netgear | 6 Rbs50y, Rbs50y Firmware, Srr60 and 3 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system. | |||||
| CVE-2020-11548 | 1 Search Meter Project | 1 Search Meter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed. | |||||
| CVE-2020-11547 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm. | |||||
| CVE-2020-11546 | 1 Superwebmailer | 1 Superwebmailer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection. | |||||
| CVE-2020-11545 | 1 Projectworlds | 1 Official Car Rental System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt. | |||||
| CVE-2020-11544 | 1 Projectworlds | 1 Official Car Rental System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files. | |||||
| CVE-2020-11543 | 1 Opsramp | 1 Gateway | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0 where an administrator and a system user accounts are the only available user accounts for the gateway appliance. | |||||
| CVE-2020-11542 | 1 3xlogic | 3 Infinias Eidc32, Infinias Eidc32 Firmware, Infinias Eidc32 Web | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| 3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring. | |||||
| CVE-2020-11541 | 1 Techsmith | 1 Snagit | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. | |||||
| CVE-2020-11539 | 1 Titan | 2 Sf Rush Smart Band, Sf Rush Smart Band Firmware | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level) The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device. | |||||
| CVE-2020-11538 | 3 Canonical, Fedoraproject, Python | 3 Ubuntu Linux, Fedora, Pillow | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | |||||
| CVE-2020-11537 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API. | |||||
| CVE-2020-11536 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server. | |||||
| CVE-2020-11535 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit XML injection to enter an attacker-controlled parameter into the x2t binary, to rewrite this binary and/or libxcb.so.1, and execute code on a victim's server. | |||||