Search Results (83871 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-29395 1 Myeventon 1 Eventon 2024-11-21 6.1 Medium
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
CVE-2020-29394 2 Debian, Genivi 2 Debian Linux, Diagnostic Log And Trace 2024-11-21 7.8 High
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).
CVE-2020-29390 1 Zeroshell 1 Zeroshell 2024-11-21 9.8 Critical
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.
CVE-2020-29383 1 Vsolcn 4 V1600d-mini, V1600d-mini Firmware, V1600d4l and 1 more 2024-11-21 7.8 High
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images.
CVE-2020-29382 1 Vsolcn 6 V1600d, V1600d Firmware, V1600g1 and 3 more 2024-11-21 7.8 High
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.
CVE-2020-29381 1 Vsolcn 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more 2024-11-21 9.8 Critical
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename.
CVE-2020-29377 1 Vsolcn 2 V1600d, V1600d Firmware 2024-11-21 9.8 Critical
An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the the remote attacker. If it matches, access is provided.
CVE-2020-29376 1 Vsolcn 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more 2024-11-21 9.8 Critical
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@l#y$z%x6x7q8c9z) password for the admin account to authenticate to the TELNET service.
CVE-2020-29375 1 Vsolcn 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more 2024-11-21 8.8 High
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user.
CVE-2020-29364 1 Netartmedia 1 News Lister 2024-11-21 4.8 Medium
In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles.
CVE-2020-29363 4 Debian, Oracle, P11-kit Project and 1 more 4 Debian Linux, Communications Cloud Native Core Policy, P11-kit and 1 more 2024-11-21 7.5 High
An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.
CVE-2020-29323 1 Dlink 2 Dir-885l-mfc, Dir-885l-mfc Firmware 2024-11-21 7.5 High
The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
CVE-2020-29322 1 Dlink 2 Dir-880l, Dir-880l Firmware 2024-11-21 7.5 High
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
CVE-2020-29321 1 Dlink 2 Dir-868l, Dir-868l Firmware 2024-11-21 7.5 High
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
CVE-2020-29315 1 Thinkadmin 1 Thinkadmin 2024-11-21 5.4 Medium
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.
CVE-2020-29311 1 Ubilling 1 Ubilling 2024-11-21 9.8 Critical
Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software.
CVE-2020-29304 1 Directoriespro 1 Directories Pro 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through the file import workflow.
CVE-2020-29303 1 Directoriespro 1 Directories Pro 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with _drts_form_build_id parameter containing the XSS payload and _t_ parameter set to an invalid or non-existent CSRF token.
CVE-2020-29299 1 Zyxel 7 Atp, Nsg, Nsg Firmware and 4 more 2024-11-21 7.2 High
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.
CVE-2020-29259 1 Online Examination System Project 1 Online Examination System 2024-11-21 5.4 Medium
Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php.