New vulnerabilities from the NVD: CVE-2020-26763 | |
The Rocket.Chat desktop application 2.17.11 opens external links without user interaction. Published at: July 05, 2021 at 06:15PM View on website July 05, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23697 | | Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php. Published at: July 07, 2021 at 12:15AM View on website July 07, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-22251 | | Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin. Published at: July 06, 2021 at 11:15PM View on website July 07, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-22249 | | Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution Published at: July 06, 2021 at 11:15PM View on website July 07, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-20776 | | Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet. Published at: July 07, 2021 at 11:15AM View on website July 07, 2021 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-20739 | | WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. Published at: July 07, 2021 at 11:15AM View on website July 07, 2021 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-20738 | | WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors. Published at: July 07, 2021 at 11:15AM View on website July 07, 2021 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-25925 | | Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-25868 | | Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service). Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24149 | | Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24148 | | Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24147 | | Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24146 | | Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24145 | | Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24144 | | Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24143 | | Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24142 | | Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hosts and execute command on services Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24141 | | Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute command on services Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24038 | | myFax version 229 logs sensitive information in the export log module which allows any user to access critical information. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20225 | | Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20216 | | Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20215 | | Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20213 | | Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20212 | | Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20211 | | Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Published at: July 07, 2021 at 05:15PM View on website July 07, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23702 | | Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php. Published at: July 07, 2021 at 10:15PM View on website July 07, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23700 | | Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. Published at: July 07, 2021 at 10:15PM View on website July 07, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2008-1879 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: July 08, 2021 at 12:15AM View on website July 08, 2021 at 01:38AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2007-5002 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: July 08, 2021 at 12:15AM View on website July 08, 2021 at 01:38AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-28598 | | An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Published at: July 08, 2021 at 03:15PM View on website July 08, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20217 | | Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Published at: July 08, 2021 at 03:15PM View on website July 08, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20586 | | A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password. Published at: July 08, 2021 at 07:15PM View on website July 08, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20585 | | A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information. Published at: July 08, 2021 at 07:15PM View on website July 08, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20584 | | A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/. Published at: July 08, 2021 at 07:15PM View on website July 08, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20583 | | A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information. Published at: July 08, 2021 at 07:15PM View on website July 08, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20582 | | A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information. Published at: July 08, 2021 at 07:15PM View on website July 08, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18741 | | Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo." Published at: July 08, 2021 at 08:15PM View on website July 08, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23580 | | |
New vulnerabilities from the NVD: CVE-2020-20363 | | |
New vulnerabilities from the NVD: CVE-2012-2666 | | golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script. Published at: July 09, 2021 at 02:15PM View on website July 09, 2021 at 03:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-1102 | | It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used. Published at: July 09, 2021 at 02:15PM View on website July 09, 2021 at 03:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-6688 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: July 09, 2021 at 03:15PM View on website July 09, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-5632 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: July 09, 2021 at 03:15PM View on website July 09, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-4509 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: July 09, 2021 at 03:15PM View on website July 09, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-2689 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: July 09, 2021 at 03:15PM View on website July 09, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-2659 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: July 09, 2021 at 04:15PM View on website July 09, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-1609 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: July 09, 2021 at 04:15PM View on website July 09, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-0832 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: July 09, 2021 at 04:15PM View on website July 09, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-0816 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Published at: July 09, 2021 at 04:15PM View on website July 09, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-22535 | | Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. Published at: July 09, 2021 at 07:15PM View on website July 09, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21333 | | Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case. Published at: July 09, 2021 at 08:15PM View on website July 09, 2021 at 09:36PM via National Vulnerability Database |
Няма коментари:
Публикуване на коментар