Attacker Value
High
CVE-2020-35846
Disclosure Date: December 30, 2020 (last updated October 07, 2023)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
3
Attacker Value
Very High
© 2021 Rupee Invoice System - Mayuri K | Designed by : Mayurik K is vulnerable …
Last updated September 21, 2021
The © 2021 Rupee Invoice System - Mayuri K | Designed by : Mayurik K is vulnerable to remote SQL-Injection-Bypass-Authentication.
remote SQL-Injection-Bypass-Authentication: https://portswigger.net/support/using-sql-injection-to-bypass-authentication.
The parameter (username) from the login form is not protected correctly: there is no security check and no escaping of malicious payloads.
When a user sends a malicious query or malicious payload to the MySQL server for those three accounts, they can bypass the login credentials and take control of the admin account.
1
Attacker Value
Very Low
CVE-2020-14933
Disclosure Date: June 20, 2020 (last updated November 08, 2023)
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded).
0
Attacker Value
High
CVE-2021-22707
Disclosure Date: July 21, 2021 (last updated October 07, 2023)
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.
1
Attacker Value
Moderate
CVE-2021-42847
Disclosure Date: November 11, 2021 (last updated October 07, 2023)
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
2
Attacker Value
Moderate
CVE-2022-31660
Disclosure Date: August 05, 2022 (last updated October 08, 2023)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
1
Attacker Value
Very High
CVE-2022-29110
Disclosure Date: May 10, 2022 (last updated December 21, 2023)
Microsoft Excel Remote Code Execution Vulnerability
3
Attacker Value
High
CVE-2020-5344
Disclosure Date: March 26, 2020 (last updated October 06, 2023)
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
2
Attacker Value
High
CVE-2016-2183
Disclosure Date: September 01, 2016 (last updated October 05, 2023)
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
3
Attacker Value
Very Low
CVE-2020-11530
Disclosure Date: May 08, 2020 (last updated October 06, 2023)
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
1