Search Results (363781 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-29194 1 Panasonic 2 Wv-s2231l, Wv-s2231l Firmware 2024-11-21 7.5 High
Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI.
CVE-2020-29193 1 Panasonic 2 Wv-s2231l, Wv-s2231l Firmware 2024-11-21 6.8 Medium
Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order).
CVE-2020-29189 1 Terra-master 1 Tos 2024-11-21 8.1 High
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS
CVE-2020-29177 1 Zblogcn 1 Z-blogphp 2024-11-21 9.1 Critical
Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php.
CVE-2020-29176 1 Zblogcn 1 Z-blogphp 2024-11-21 7.8 High
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file.
CVE-2020-29172 1 Litespeedtech 1 Litespeed Cache 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting.
CVE-2020-29171 1 Tipsandtricks-hq 1 Wp Security \& Firewall 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.
CVE-2020-29166 1 Rainbowfishsoftware 1 Pacsone Server 2024-11-21 7.5 High
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.
CVE-2020-29165 1 Rainbowfishsoftware 1 Pacsone Server 2024-11-21 9.8 Critical
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.
CVE-2020-29164 1 Rainbowfishsoftware 1 Pacsone Server 2024-11-21 6.1 Medium
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
CVE-2020-29163 1 Rainbowfishsoftware 1 Pacsone Server 2024-11-21 8.8 High
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.
CVE-2020-29160 1 Zammad 1 Zammad 2024-11-21 7.5 High
An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing.
CVE-2020-29159 1 Zammad 1 Zammad 2024-11-21 4.9 Medium
An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended.
CVE-2020-29158 1 Zammad 1 Zammad 2024-11-21 4.3 Medium
An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.
CVE-2020-29157 1 Raonwiz 1 Raon K Editor 2024-11-21 7.8 High
An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted.
CVE-2020-29156 1 Woocommerce 1 Woocommerce 2024-11-21 5.3 Medium
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.
CVE-2020-29147 1 Wayang-cms Project 1 Wayang-cms 2024-11-21 7.5 High
A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information.
CVE-2020-29146 1 Wayang-cms Project 1 Wayang-cms 2024-11-21 6.1 Medium
A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For field to the header.
CVE-2020-29145 1 Ericsson 2 Bscs Ix R18 Billing \& Rating Admx, Bscs Ix R18 Billing \& Rating Mx 2024-11-21 5.4 Medium
In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework.
CVE-2020-29144 1 Ericsson 2 Bscs Ix R18 Billing \& Rating Admx, Bscs Ix R18 Billing \& Rating Mx 2024-11-21 5.4 Medium
In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework.