Search

Search Results (362867 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-29282 1 Bloodx Project 1 Bloodx 2024-11-21 9.8 Critical
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVE-2020-29280 1 Victor Cms Project 1 Victor Cms 2024-11-21 9.8 Critical
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
CVE-2020-29279 1 74cms 1 74cms 2024-11-21 9.8 Critical
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
CVE-2020-29260 2 Debian, Libvncserver Project 2 Debian Linux, Libvncserver 2024-11-21 7.5 High
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
CVE-2020-29259 1 Online Examination System Project 1 Online Examination System 2024-11-21 5.4 Medium
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php.
CVE-2020-29258 1 Online Examination System Project 1 Online Examination System 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php.
CVE-2020-29257 1 Online Examination System Project 1 Online Examination System 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php.
CVE-2020-29254 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 8.8 High
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited.
CVE-2020-29250 1 Cxuu 1 Cxuucms 2024-11-21 6.1 Medium
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.
CVE-2020-29249 1 Cxuu 1 Cxuucms 2024-11-21 6.1 Medium
CXUUCMS V3 allows class="layui-input" XSS.
CVE-2020-29247 1 Wondercms 1 Wondercms 2024-11-21 4.8 Medium
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.
CVE-2020-29245 1 Tag Project 1 Tag 2024-11-21 6.5 Medium
dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData.
CVE-2020-29244 1 Tag Project 1 Tag 2024-11-21 6.5 Medium
dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame.
CVE-2020-29243 1 Tag Project 1 Tag 2024-11-21 6.5 Medium
dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame.
CVE-2020-29242 1 Tag Project 1 Tag 2024-11-21 6.5 Medium
dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame.
CVE-2020-29241 1 Online News Portal Project 1 Online News Portal 2024-11-21 4.8 Medium
Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the "Title" parameter.
CVE-2020-29240 1 Lepton-cms 1 Leptoncms 2024-11-21 4.8 Medium
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
CVE-2020-29239 1 Janobe 1 Online Voting System 2024-11-21 6.1 Medium
Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload.
CVE-2020-29238 1 Expressvpn 1 Expressvpn 2024-11-21 7.5 High
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request.
CVE-2020-29233 1 Wondercms 1 Wondercms 2024-11-21 5.4 Medium
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload.