Search Results (83634 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-15521 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.1 Medium
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .
CVE-2020-15517 1 Faceted Search Project 1 Faceted Search 2024-11-21 5.4 Medium
The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS.
CVE-2020-15516 1 Mm Forum Project 1 Mm Forum 2024-11-21 5.4 Medium
The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF.
CVE-2020-15514 1 Jh Captcha Project 1 Jh Captcha 2024-11-21 5.4 Medium
The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS.
CVE-2020-15500 1 Tileserver 1 Tileservergl 2024-11-21 6.1 Medium
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.
CVE-2020-15499 1 Asus 2 Rt-ac1900p, Rt-ac1900p Firmware 2024-11-21 6.1 Medium
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page.
CVE-2020-15497 1 Jalios 1 Jcms 2024-11-21 5.3 Medium
jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. Note: It is asserted that this vulnerability is not present in the standard installation of Jalios JCMS
CVE-2020-15489 1 Wavlink 2 Wl-wn530hg4, Wl-wn530hg4 Firmware 2024-11-21 9.8 Critical
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges.
CVE-2020-15477 1 Raspberrytorte 1 Raspberrytortoise 2024-11-21 9.8 Critical
The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.exec function.
CVE-2020-15474 1 Ntop 1 Ndpi 2024-11-21 9.8 Critical
In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.
CVE-2020-15470 1 Rockcarry 1 Ffjpeg 2024-11-21 5.5 Medium
ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.
CVE-2020-15467 1 Cohesive 1 Vns3 2024-11-21 8.8 High
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise.
CVE-2020-15435 1 Control-webpanel 1 Webpanel 2024-11-21 9.8 Critical
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_start parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9719.
CVE-2020-15434 1 Control-webpanel 1 Webpanel 2024-11-21 9.8 Critical
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the canal parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9745.
CVE-2020-15433 1 Control-webpanel 1 Webpanel 2024-11-21 9.8 Critical
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the phpversion parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9715.
CVE-2020-15432 1 Control-webpanel 1 Webpanel 2024-11-21 9.8 Critical
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the filespace parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9743.
CVE-2020-15431 1 Control-webpanel 1 Webpanel 2024-11-21 9.8 Critical
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9740.
CVE-2020-15430 1 Control-webpanel 1 Webpanel 2024-11-21 9.8 Critical
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the username parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9736.
CVE-2020-15429 1 Control-webpanel 1 Webpanel 2024-11-21 9.8 Critical
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9716.
CVE-2020-15428 1 Control-webpanel 1 Webpanel 2024-11-21 9.8 Critical
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9714.