New vulnerabilities from the NVD: CVE-2020-18705 | | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'. Published at: August 16, 2021 at 09:15PM View on website August 16, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18704 | | Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'. Published at: August 16, 2021 at 09:15PM View on website August 16, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18703 | | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'. Published at: August 16, 2021 at 09:15PM View on website August 16, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18702 | | Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'. Published at: August 16, 2021 at 09:15PM View on website August 16, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18701 | | Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets. Published at: August 16, 2021 at 09:15PM View on website August 16, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18699 | | Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the 'Username' parameter of the component 'app/api/cms/user.py'. Published at: August 16, 2021 at 09:15PM View on website August 16, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18698 | | Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. Published at: August 16, 2021 at 09:15PM View on website August 16, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15955 | | In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker. Published at: August 17, 2021 at 09:15PM View on website August 17, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18164 | | SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter. Published at: August 17, 2021 at 11:15PM View on website August 18, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13589 | | An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the ‘entities/fields’ page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. Published at: August 17, 2021 at 11:15PM View on website August 18, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13588 | | An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in the ‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. Published at: August 17, 2021 at 11:15PM View on website August 18, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18746 | | SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php". Published at: August 18, 2021 at 06:15PM View on website August 18, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-28146 | | Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. Published at: August 18, 2021 at 08:15PM View on website August 18, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23069 | | Path Traversal vulnerability exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. Published at: August 18, 2021 at 08:15PM View on website August 18, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18875 | | Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files. Published at: August 18, 2021 at 08:15PM View on website August 18, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-22124 | | A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information. Published at: August 18, 2021 at 09:15PM View on website August 18, 2021 at 11:34PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-22122 | | A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request. Published at: August 18, 2021 at 09:15PM View on website August 18, 2021 at 11:34PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-22120 | | A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. Published at: August 18, 2021 at 09:15PM View on website August 18, 2021 at 11:34PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19669 | | Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. Published at: August 18, 2021 at 10:15PM View on website August 18, 2021 at 11:34PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-22345 | | /graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter. Published at: August 19, 2021 at 12:15AM View on website August 19, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18748 | | Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221. Published at: August 19, 2021 at 07:15PM View on website August 19, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-1837 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Published at: August 19, 2021 at 07:15PM View on website August 19, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-1791 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none. Published at: August 19, 2021 at 07:15PM View on website August 19, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-0344 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none. Published at: August 19, 2021 at 07:15PM View on website August 19, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20645 | | Cross Site Scripting (XSS) vulnerability exists in EyouCMS 1.3.6 in the basic_information area. Published at: August 19, 2021 at 10:15PM View on website August 19, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20642 | | Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. Published at: August 19, 2021 at 10:15PM View on website August 19, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18900 | | A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128 allows attackers to execute arbitrary code. Published at: August 20, 2021 at 01:15AM View on website August 20, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18899 | | An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. Published at: August 20, 2021 at 01:15AM View on website August 20, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18898 | | A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. Published at: August 20, 2021 at 01:15AM View on website August 20, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18897 | | A use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file. Published at: August 20, 2021 at 01:15AM View on website August 20, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18886 | | Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. Published at: August 20, 2021 at 05:15PM View on website August 20, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18885 | | Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. Published at: August 20, 2021 at 05:15PM View on website August 20, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18879 | | Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. Published at: August 20, 2021 at 05:15PM View on website August 20, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18878 | | Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component 'index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php'. Published at: August 20, 2021 at 05:15PM View on website August 20, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18877 | | SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'. Published at: August 20, 2021 at 05:15PM View on website August 20, 2021 at 07:33PM via National Vulnerability Database |