-
2020-12-02 22:15:10
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.National Vulnerability Database
-
2020-12-02 22:15:10
An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable.National Vulnerability Database
-
2020-12-02 22:15:10
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.National Vulnerability Database
-
2020-12-02 17:15:14
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.National Vulnerability Database
-
2020-12-02 09:15:11
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.National Vulnerability Database
-
2020-12-02 08:15:10
Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, National Vulnerability Database
-
2020-12-01 19:15:12
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.National Vulnerability Database
-
2020-12-01 19:15:12
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.National Vulnerability Database
-
2020-12-01 19:15:12
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.National Vulnerability Database
-
2020-12-01 19:15:12
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.National Vulnerability Database
-
2020-12-01 19:15:11
A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. National Vulnerability Database
-
2020-12-01 19:15:11
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.National Vulnerability Database
-
2020-12-01 18:15:12
Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name.National Vulnerability Database
-
2020-12-01 17:15:13
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.National Vulnerability Database
-
2020-12-01 16:15:11
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. National Vulnerability Database
-
2020-12-01 15:15:11
WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution.National Vulnerability Database
-
2020-12-01 15:15:11
WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution.National Vulnerability Database
-
2020-12-01 01:15:11
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, National Vulnerability Database
-
2020-12-01 00:15:11
Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, National Vulnerability Database
-
2020-12-01 00:15:11
HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. National Vulnerability Database
-
2020-11-30 20:15:11
Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.National Vulnerability Database
-
2020-11-30 20:15:11
Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password.National Vulnerability Database
-
2020-11-30 20:15:11
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.National Vulnerability Database
-
2020-11-30 19:15:12
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.National Vulnerability Database
-
2020-11-30 19:15:12
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.National Vulnerability Database
-
2020-11-30 18:15:11
In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles.National Vulnerability Database
-
2020-11-30 16:15:13
IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367.National Vulnerability Database
-
2020-11-30 16:15:13
IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789.National Vulnerability Database
-
2020-11-30 16:15:13
IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.National Vulnerability Database
-
2020-11-30 16:15:13
IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362.National Vulnerability Database
-
2020-11-30 16:15:12
IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information.National Vulnerability Database
-
2020-11-30 16:15:12
IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. National Vulnerability Database
-
2020-11-30 14:15:11
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.National Vulnerability Database
-
2020-11-30 14:15:11
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.National Vulnerability Database
-
2020-11-30 14:15:11
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.National Vulnerability Database
-
2020-11-30 10:15:11
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.National Vulnerability Database
-
2020-11-30 10:15:10
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.National Vulnerability Database
-
2020-11-29 01:15:11
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images.National Vulnerability Database
-
2020-11-29 01:15:11
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.National Vulnerability Database
-
2020-11-29 01:15:11
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, National Vulnerability Database
-
2020-11-28 07:15:11
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, National Vulnerability Database
-
2020-11-28 07:15:11
An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.National Vulnerability Database
-
2020-11-28 07:15:11
An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, National Vulnerability Database
-
2020-11-28 07:15:11
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.National Vulnerability Database
-
2020-11-28 07:15:11
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.National Vulnerability Database
-
2020-11-28 07:15:11
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, National Vulnerability Database
-
2020-11-28 07:15:11
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.National Vulnerability Database
-
2020-11-28 07:15:11
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.National Vulnerability Database
-
2020-11-28 01:15:11
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, National Vulnerability Database
-
2020-11-27 18:15:11
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.National Vulnerability Database
-
2020-11-27 18:15:11
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. National Vulnerability Database
-
2020-11-27 18:15:11
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.National Vulnerability Database
-
2020-11-27 18:15:11
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.National Vulnerability Database
-
2020-11-27 18:15:11
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies.National Vulnerability Database
-
2020-11-27 18:15:11
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.National Vulnerability Database
-
2020-11-27 18:15:11
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.National Vulnerability Database
-
2020-11-27 18:15:11
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). National Vulnerability Database
-
2020-11-27 18:15:11
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, National Vulnerability Database
-
2020-11-27 18:15:10
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.National Vulnerability Database
-
2020-11-27 18:15:10
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.National Vulnerability Database
-
2020-11-27 17:15:11
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358.National Vulnerability Database
-
2020-11-27 17:15:11
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, National Vulnerability Database
-
2020-11-27 17:15:11
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.National Vulnerability Database
-
2020-11-27 17:15:11
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.National Vulnerability Database
-
2020-11-27 16:15:11
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, National Vulnerability Database
-
2020-11-27 02:15:11
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).National Vulnerability Database
-
2020-11-27 02:15:11
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).National Vulnerability Database
-
2020-11-27 02:15:10
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).National Vulnerability Database
-
2020-11-27 01:15:11
jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.National Vulnerability Database
-
2020-11-27 00:15:11
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS.National Vulnerability Database
-
2020-11-26 20:15:10
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.National Vulnerability Database
-
2020-11-26 20:15:10
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.National Vulnerability Database
-
2020-11-26 19:15:10
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.National Vulnerability Database
-
2020-11-26 18:15:10
An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, National Vulnerability Database
-
2020-11-26 18:15:10
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.National Vulnerability Database
-
2020-11-26 17:15:11
In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).National Vulnerability Database
-
2020-11-26 17:15:11
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).National Vulnerability Database
-
2020-11-26 17:15:10
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.National Vulnerability Database
