Search Results (83866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-28071 1 Alumni Management System Project 1 Alumni Management System 2024-11-21 4.8 Medium
SourceCodester Alumni Management System 1.0 is affected by cross-site Scripting (XSS) in /admin/gallery.php. After the admin authentication an attacker can upload an image in the gallery using a XSS payload in the description textarea called 'about' and reach a stored XSS.
CVE-2020-28055 1 Tcl 14 32s330, 32s330 Firmware, 40s330 and 11 more 2024-11-21 7.8 High
A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager directories within the TV file system. An attacker, such as a malicious APK or local unprivileged user could perform fake system upgrades by writing to the /data/vendor/upgrage folder.
CVE-2020-28047 1 Web-audimex 1 Audimexee 2024-11-21 5.4 Medium
AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to data leakage.
CVE-2020-28038 3 Debian, Fedoraproject, Wordpress 3 Debian Linux, Fedora, Wordpress 2024-11-21 6.1 Medium
WordPress before 5.5.2 allows stored XSS via post slugs.
CVE-2020-28037 3 Debian, Fedoraproject, Wordpress 3 Debian Linux, Fedora, Wordpress 2024-11-21 9.8 Critical
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).
CVE-2020-28034 3 Debian, Fedoraproject, Wordpress 3 Debian Linux, Fedora, Wordpress 2024-11-21 6.1 Medium
WordPress before 5.5.2 allows XSS associated with global variables.
CVE-2020-28031 1 Eramba 1 Eramba 2024-11-21 4.3 Medium
eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users.
CVE-2020-28030 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2024-11-21 7.5 High
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.
CVE-2020-28024 1 Exim 1 Exim 2024-11-21 9.8 Critical
Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
CVE-2020-28022 1 Exim 1 Exim 2024-11-21 9.8 Critical
Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.
CVE-2020-28016 1 Exim 1 Exim 2024-11-21 7.8 High
Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase.
CVE-2020-28013 1 Exim 1 Exim 2024-11-21 7.8 High
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.
CVE-2020-28011 1 Exim 1 Exim 2024-11-21 7.8 High
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.
CVE-2020-28010 1 Exim 1 Exim 2024-11-21 7.8 High
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).
CVE-2020-28001 1 Solarwinds 1 Serv-u 2024-11-21 5.4 Medium
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
CVE-2020-27992 1 Wondershare 1 Dr.fone 2024-11-21 7.8 High
Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users.
CVE-2020-27991 1 Nagios 1 Nagios Xi 2024-11-21 5.4 Medium
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).
CVE-2020-27990 1 Nagios 1 Nagios Xi 2024-11-21 5.4 Medium
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).
CVE-2020-27989 1 Nagios 1 Nagios Xi 2024-11-21 5.4 Medium
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
CVE-2020-27988 1 Nagios 1 Nagios Xi 2024-11-21 5.4 Medium
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).