Attacker Value
Low
CVE-2024-28741
Disclosure Date: April 06, 2024 (last updated April 10, 2024)
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
1
Attacker Value
Very Low
CVE-2020-11530
Disclosure Date: May 08, 2020 (last updated October 06, 2023)
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
1
Attacker Value
Low
CVE-2020-7208
Disclosure Date: February 13, 2020 (last updated November 27, 2024)
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.
0
Attacker Value
Very High
CVE-2020-10644
Disclosure Date: June 09, 2020 (last updated November 28, 2024)
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
1
Attacker Value
Very High
CVE-2020-9496
Disclosure Date: July 15, 2020 (last updated November 08, 2023)
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03.
0
Attacker Value
Moderate
CVE-2020-0662
Disclosure Date: February 11, 2020 (last updated November 27, 2024)
A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.
0
Attacker Value
High
CVE-2018-10933
Last updated March 13, 2020
## Description
libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authenticate without any credentials.
## Patch Availability
Patches addressing the issue have been posted to:
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
libssh version 0.8.4 and libssh 0.7.6 have been released to address this issue.
## Workaround
There is no workaround for this issue.
## Credit
The bug was discovered by Peter Winter-Smith of NCC Group.
Patches are provided by Anderson Toshiyuki Sasaki of Red Hat and the libssh team.
0
Attacker Value
Very High
CVE-2020-10547
Disclosure Date: June 04, 2020 (last updated November 28, 2024)
rConfig 3.9.4 and previous versions have an unauthenticated SQL injection in compliancepolicyelements.inc.php. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
0
Attacker Value
Moderate
CVE-2020-13699
Disclosure Date: July 29, 2020 (last updated November 28, 2024)
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
1
Attacker Value
Very High
CVE-2020-8135
Disclosure Date: March 20, 2020 (last updated November 27, 2024)
The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.
0