Search Results (362833 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-35395 1 Egavilanmedia 1 Expense Management System 2024-11-21 6.1 Medium
XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field
CVE-2020-35391 1 Tenda 2 F3, F3 Firmware 2024-11-21 9.6 Critical
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
CVE-2020-35388 1 Rockoa 1 Xinhu 2024-11-21 7.5 High
rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true.
CVE-2020-35382 1 Classroombookings 1 Classroombookings 2024-11-21 7.2 High
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.
CVE-2020-35381 3 Fedoraproject, Jsonparser Project, Redhat 3 Fedora, Jsonparser, Acm 2024-11-21 7.5 High
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.
CVE-2020-35380 1 Gjson Project 1 Gjson 2024-11-21 7.5 High
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.
CVE-2020-35378 1 Online Bus Ticket Reservation Project 1 Online Bus Ticket Reservation 2024-11-21 9.8 Critical
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.
CVE-2020-35376 2 Fedoraproject, Xpdfreader 2 Fedora, Xpdf 2024-11-21 7.5 High
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.
CVE-2020-35373 1 Fiyo 1 Fiyo Cms 2024-11-21 6.1 Medium
In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack.
CVE-2020-35370 1 Raysync 1 Raysync 2024-11-21 8.8 High
A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server.
CVE-2020-35364 1 Huorong 1 Internet Security 2024-11-21 9.8 Critical
Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot.
CVE-2020-35362 1 Dext5 1 Dext5upload 2024-11-21 7.5 High
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value).
CVE-2020-35359 1 Pureftpd 1 Pure-ftpd 2024-11-21 7.5 High
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.
CVE-2020-35358 1 Domainmod 1 Domainmod 2024-11-21 9.8 Critical
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality.
CVE-2020-35349 1 Techkshetrainfo 1 Savsoft Quiz 2024-11-21 4.8 Medium
Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page).
CVE-2020-35347 1 Cxuu 1 Cxuucms 2024-11-21 6.5 Medium
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.
CVE-2020-35346 1 Cxuu 1 Cxuucms 2024-11-21 4.8 Medium
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.
CVE-2020-35342 1 Gnu 1 Binutils 2024-11-21 7.5 High
GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.
CVE-2020-35340 1 Expertpdf 1 Expertpdf 2024-11-21 7.5 High
A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read.
CVE-2020-35339 1 74cms 1 74cms 2024-11-21 9.8 Critical
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.