New vulnerabilities from the NVD: CVE-2020-8299 | | Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance. Published at: June 16, 2021 at 05:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-7864 | | Parameter manipulation can bypass authentication to cause file upload and execution. This will execute the remote code. This issue affects: Raonwiz DEXT5Editor versions prior to 3.5.1405747.1100.03. Published at: June 15, 2021 at 11:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-5000 | | IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952. Published at: June 15, 2021 at 11:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-35762 | | bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files. Published at: June 16, 2021 at 07:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-35761 | | bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code. Published at: June 16, 2021 at 07:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-35760 | | bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files). Published at: June 16, 2021 at 07:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-35759 | | bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely). Published at: June 16, 2021 at 07:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-29215 | | A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account. Published at: June 15, 2021 at 11:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-29214 | | SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php. Published at: June 15, 2021 at 11:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-27339 | | An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in system management mode calls a function outside of SMRAM in response to a crafted software SMI, aka Inclusion of Functionality from an Untrusted Control Sphere. Modifying the well-known address of this function allows an attacker to gain control of the system with the privileges of system management mode. Published at: June 16, 2021 at 07:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-25755 | | An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter. Published at: June 16, 2021 at 10:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-25754 | | An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Attempts to change the user password via passwd or other tools have no effect. Published at: June 16, 2021 at 10:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-25753 | | An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Published at: June 16, 2021 at 10:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-25752 | | An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. The serial number can be retrieved by an unauthenticated user at /info.xml. These passwords can be easily calculated by an attacker; users are unable to change these passwords. Published at: June 16, 2021 at 10:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24939 | | Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation. Published at: June 16, 2021 at 07:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-22212 | | |
New vulnerabilities from the NVD: CVE-2020-22211 | | |
New vulnerabilities from the NVD: CVE-2020-22210 | | |
New vulnerabilities from the NVD: CVE-2020-22209 | | |
New vulnerabilities from the NVD: CVE-2020-22208 | | |
New vulnerabilities from the NVD: CVE-2020-22206 | | |
New vulnerabilities from the NVD: CVE-2020-22205 | | |
New vulnerabilities from the NVD: CVE-2020-22204 | | |
New vulnerabilities from the NVD: CVE-2020-22203 | | |
New vulnerabilities from the NVD: CVE-2020-22201 | | phpCMS 2008 sp4 allows remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php. Published at: June 16, 2021 at 08:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-22200 | | Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword. Published at: June 16, 2021 at 08:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-22199 | | SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php. Published at: June 16, 2021 at 08:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-22198 | | SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. Published at: June 16, 2021 at 07:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21316 | | A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and steal administrator cookies via the nickname parameter and gain access to the admin panel. Published at: June 15, 2021 at 11:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20444 | | Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to RCE vulnerability. Published at: June 16, 2021 at 07:15PM View on website June 17, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-25414 | | A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. Published at: June 17, 2021 at 06:15PM View on website June 17, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-35373 | | In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. Published at: June 17, 2021 at 07:15PM View on website June 17, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19202 | | An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges for the affected page to execute Stored Cross-site Scripting in the Captive Portal page. Published at: June 17, 2021 at 07:15PM View on website June 17, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-20002 | | Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. Published at: June 17, 2021 at 07:15PM View on website June 17, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2007-3733 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: June 18, 2021 at 04:15PM View on website June 18, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2005-0394 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: June 18, 2021 at 04:15PM View on website June 18, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18442 | | Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". Published at: June 18, 2021 at 06:15PM View on website June 18, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-14639 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: June 18, 2021 at 05:15PM View on website June 18, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2005-2795 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: June 18, 2021 at 06:15PM View on website June 18, 2021 at 07:36PM via National Vulnerability Database |