Attacker Value
Low

CVE-2024-28741

Disclosure Date: April 06, 2024 (last updated April 10, 2024)
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
Attacker Value
Very Low

CVE-2020-11530

Disclosure Date: May 08, 2020 (last updated October 06, 2023)
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
Attacker Value
Low

CVE-2020-7208

Disclosure Date: February 13, 2020 (last updated November 27, 2024)
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.
Attacker Value
Very High

CVE-2020-10644

Disclosure Date: June 09, 2020 (last updated November 28, 2024)
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Attacker Value
Very High

CVE-2020-9496

Disclosure Date: July 15, 2020 (last updated November 08, 2023)
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03.
Attacker Value
Moderate

CVE-2020-0662

Disclosure Date: February 11, 2020 (last updated November 27, 2024)
A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.
Attacker Value
High

CVE-2018-10933

Last updated March 13, 2020
## Description

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials.

## Patch Availability

Patches addressing the issue have been posted to: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

libssh version 0.8.4 and libssh 0.7.6 have been released to address this issue.

## Workaround

There is no workaround for this issue.

## Credit

The bug was discovered by Peter Winter-Smith of NCC Group. Patches are provided by Anderson Toshiyuki Sasaki of Red Hat and the libssh team.
Attacker Value
Very High

CVE-2020-10547

Disclosure Date: June 04, 2020 (last updated November 28, 2024)
rConfig 3.9.4 and previous versions have an unauthenticated SQL injection in compliancepolicyelements.inc.php. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
Attacker Value
Moderate

CVE-2020-13699

Disclosure Date: July 29, 2020 (last updated November 28, 2024)
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
Attacker Value
Very High

CVE-2020-8135

Disclosure Date: March 20, 2020 (last updated November 27, 2024)
The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems.