Search Results (312698 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-32018 1 Jump-technology 1 Asset Management 2025-05-30 8.5 High
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal.
CVE-2021-32017 1 Jump-technology 1 Asset Management 2025-05-30 9.9 Critical
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files.
CVE-2021-32016 1 Jump-technology 1 Asset Management 2025-05-30 9.9 Critical
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem (with user-controlled content) via directory traversal, potentially leading to remote code and command execution.
CVE-2021-31777 1 Dynamic Content Elements Project 1 Dynamic Content Elements 2025-05-30 4.9 Medium
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
CVE-2021-31531 1 Zohocorp 1 Manageengine Servicedesk Plus Msp 2025-05-30 9.8 Critical
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
CVE-2021-31530 1 Zohocorp 1 Manageengine Servicedesk Plus Msp 2025-05-30 7.5 High
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
CVE-2021-31399 1 2n 2 Access Unit 2.0, Access Unit 2.0 Firmware 2025-05-30 4.6 Medium
On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.
CVE-2021-31160 1 Zohocorp 2 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp 2025-05-30 7.5 High
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
CVE-2020-8422 1 Zohocorp 1 Manageengine Remote Access Plus 2025-05-30 4.3 Medium
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).
CVE-2020-28918 1 Deepnetsecurity 1 Dualshield 2025-05-30 5.3 Medium
DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an "unknown username" error message.
CVE-2020-28406 1 Iris 1 Star Practice Management 2025-05-30 6.5 Medium
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature.
CVE-2020-28405 1 Iris 1 Star Practice Management 2025-05-30 8.8 High
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the application.
CVE-2020-28404 1 Iris 1 Star Practice Management 2025-05-30 6.5 Medium
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.
CVE-2020-28403 1 Iris 1 Star 2025-05-30 8 High
A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application.
CVE-2020-28402 1 Iris 1 Star Practice Management 2025-05-30 5.4 Medium
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.
CVE-2020-28401 1 Iris 1 Star Practice Management 2025-05-30 6.5 Medium
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.
CVE-2020-26546 1 Evolutionscript 1 Helpdeskz 2025-05-30 7.5 High
An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-26167 1 Thedaylightstudio 1 Fuel Cms 2025-05-30 9.8 Critical
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
CVE-2020-15595 1 Zohocorp 1 Manageengine Application Control Plus 2025-05-30 4.3 Medium
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.
CVE-2020-15594 1 Zohocorp 1 Manageengine Application Control Plus 2025-05-30 4.3 Medium
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.