Search Results (83871 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-29144 1 Ericsson 2 Bscs Ix R18 Billing \& Rating Admx, Bscs Ix R18 Billing \& Rating Mx 2024-11-21 5.4 Medium
In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework.
CVE-2020-29137 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
CVE-2020-29133 1 Coremail Xt Project 1 Coremail Xt 2024-11-21 6.1 Medium
jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.
CVE-2020-29074 3 Debian, Fedoraproject, X11vnc Project 3 Debian Linux, Fedora, X11vnc 2024-11-21 8.8 High
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.
CVE-2020-29071 1 Liquidfiles 1 Liquidfiles 2024-11-21 9.0 Critical
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user.
CVE-2020-29070 1 Oscommerce 1 Oscommerce 2024-11-21 4.8 Medium
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
CVE-2020-29062 1 Cdatatec 56 72408a, 72408a Firmware, 9008a and 53 more 2024-11-21 9.8 Critical
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account.
CVE-2020-29061 1 Cdatatec 56 72408a, 72408a Firmware, 9008a and 53 more 2024-11-21 9.8 Critical
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account.
CVE-2020-29060 1 Cdatatec 56 72408a, 72408a Firmware, 9008a and 53 more 2024-11-21 9.8 Critical
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account.
CVE-2020-29059 1 Cdatatec 56 72408a, 72408a Firmware, 9008a and 53 more 2024-11-21 9.8 Critical
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware.
CVE-2020-29056 2 Cdata, Cdatatec 57 Fd1104 Firmware, 72408a, 72408a Firmware and 54 more 2024-11-21 9.8 Critical
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration.
CVE-2020-29053 1 Hrsale 1 Hrsale 2024-11-21 6.1 Medium
HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.
CVE-2020-29040 1 Xen 1 Xen 2024-11-21 8.8 High
An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.
CVE-2020-29029 1 Secomea 1 Gatemanager Firmware 2024-11-21 7.3 High
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.
CVE-2020-29028 1 Secomea 1 Gatemanager Firmware 2024-11-21 6.3 Medium
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.
CVE-2020-29027 1 Secomea 18 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 15 more 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3.
CVE-2020-29025 1 Secomea 1 Sitemanager Embedded 2024-11-21 5.4 Medium
A vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. This issue affects all versions and variants of SM-E prior to version 9.3
CVE-2020-29021 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2024-11-21 3.5 Low
A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.
CVE-2020-29019 1 Fortinet 1 Fortiweb 2024-11-21 5.3 Medium
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.
CVE-2020-29017 1 Fortinet 1 Fortideceptor 2024-11-21 8.8 High
An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.