Search Results (83742 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-18885 1 Phpmywind 1 Phpmywind 2024-11-21 7.2 High
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.
CVE-2020-18875 1 Dotcms 1 Dotcms 2024-11-21 8.8 High
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files.
CVE-2020-18839 1 Freedesktop 1 Poppler 2024-11-21 6.5 Medium
Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.
CVE-2020-18831 1 Exiv2 1 Exiv2 2024-11-21 7.8 High
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.
CVE-2020-18781 1 Audiofile 1 Audiofile 2024-11-21 5.5 Medium
Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.
CVE-2020-18773 1 Exiv2 1 Exiv2 2024-11-21 6.5 Medium
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.
CVE-2020-18768 1 Libtiff 1 Libtiff 2024-11-21 5.5 Medium
There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.
CVE-2020-18766 1 Antsword Project 1 Antsword 2024-11-21 9.6 Critical
A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands.
CVE-2020-18758 1 Dcce 2 Mac1100 Plc, Mac1100 Plc Firmware 2024-11-21 9.8 Critical
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code.
CVE-2020-18748 1 Typora 1 Typora 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221.
CVE-2020-18737 1 Typora 1 Typora 2024-11-21 6.1 Medium
An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.
CVE-2020-18735 1 Eclipse 1 Cyclone Data Distribution Service 2024-11-21 7.5 High
A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
CVE-2020-18734 1 Eclipse 1 Cyclone Data Distribution Service 2024-11-21 7.5 High
A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.
CVE-2020-18724 1 Altn 1 Mdaemon Webmail 2024-11-21 5.4 Medium
Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to executes code and perform a XSS attack while opening a contact list.
CVE-2020-18723 1 Altn 1 Mdaemon Webmail 2024-11-21 5.4 Medium
Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.
CVE-2020-18702 1 Quokka Project 1 Quokka 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'.
CVE-2020-18699 1 Talelin 1 Lin-cms-flask 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'.
CVE-2020-18693 1 Mineweb 1 Minewebcms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'.
CVE-2020-18671 1 Roundcube 1 Webmail 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
CVE-2020-18670 1 Roundcube 1 Webmail 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.