Search

Search Results (363397 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-21081 1 Maccms 1 Maccms 2024-11-21 6.5 Medium
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
CVE-2020-21066 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aac.
CVE-2020-21057 1 Fusionpbx 1 Fusionpbx 2024-11-21 8.1 High
Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.
CVE-2020-21056 1 Fusionpbx 1 Fusionpbx 2024-11-21 4.3 Medium
Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php.
CVE-2020-21055 1 Fusionpbx 1 Fusionpbx 2024-11-21 6.5 Medium
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
CVE-2020-21054 1 Fusionpbx 1 Fusionpbx 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
CVE-2020-21053 1 Fusionpbx 1 Fusionpbx 2024-11-21 6.1 Medium
Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.
CVE-2020-21047 1 Elfutils Project 1 Elfutils 2024-11-21 5.5 Medium
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.
CVE-2020-21041 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 7.5 High
Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service
CVE-2020-21014 1 Emlog 1 Emlog 2024-11-21 6.5 Medium
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
CVE-2020-21013 1 Emlog 1 Emlog 2024-11-21 7.2 High
emlog v6.0.0 contains a SQL injection via /admin/comment.php.
CVE-2020-21012 1 Hotel And Lodge Booking Management System Project 1 Hotel And Lodge Booking Management System 2024-11-21 9.8 Critical
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
CVE-2020-21005 1 Wellcms 1 Wellcms 2024-11-21 6.5 Medium
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell.
CVE-2020-21003 1 Pbootcms 1 Pbootcms 2024-11-21 4.8 Medium
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.
CVE-2020-20990 1 Domainmod 1 Domainmod 2024-11-21 5.4 Medium
A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter.
CVE-2020-20989 1 Domainmod 1 Domainmod 2024-11-21 4.3 Medium
A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.
CVE-2020-20988 1 Domainmod 1 Domainmod 2024-11-21 5.4 Medium
A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter.
CVE-2020-20982 1 Wdja 1 Wdja Cms 2024-11-21 9.6 Critical
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.
CVE-2020-20981 1 Metinfo 1 Metinfo 2024-11-21 7.5 High
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
CVE-2020-20979 1 8cms 1 Ljcms 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.