Search Results (362833 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-35263 1 Egavilanmedia 1 User Registration And Login System With Admin Panel 2024-11-21 9.8 Critical
EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.
CVE-2020-35262 1 Digisol 2 Dg-hr3400, Dg-hr3400 Firmware 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and "Keyword" in URL Filter.
CVE-2020-35261 1 Multi Restaurant Table Reservation System Project 1 Multi Restaurant Table Reservation System 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.
CVE-2020-35252 1 Egavilanmedia 1 User Registration And Login System With Admin Panel 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0.
CVE-2020-35249 1 Elkarbackup 1 Elkarbackup 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature.
CVE-2020-35245 1 Flamingo Project 1 Flamingo 2024-11-21 9.8 Critical
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser.
CVE-2020-35244 1 Flamingo Project 1 Flamingo 2024-11-21 9.8 Critical
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.
CVE-2020-35243 1 Flamingo Project 1 Flamingo 2024-11-21 9.8 Critical
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb.
CVE-2020-35242 1 Flamingo Project 1 Flamingo 2024-11-21 9.8 Critical
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory.
CVE-2020-35240 1 Fluxbb 1 Fluxbb 2024-11-21 4.8 Medium
FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content" and each time any user will visit the blog, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
CVE-2020-35236 1 Amazee 1 Lagoon 2024-11-21 5.3 Medium
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.
CVE-2020-35235 1 Themexa 1 Secure File Manager 2024-11-21 8.8 High
vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-35234 1 Wp-ecommerce 1 Easy Wp Smtp 2024-11-21 7.5 High
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.
CVE-2020-35233 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 6.5 Medium
The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack.
CVE-2020-35231 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 8.8 High
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.
CVE-2020-35230 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 6.8 Medium
Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack.
CVE-2020-35229 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 8.8 High
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.
CVE-2020-35228 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVE-2020-35227 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 7.2 High
A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.
CVE-2020-35226 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 7.1 High
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.