New vulnerabilities from the NVD: CVE-2021-0660 | In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145. Published at: September 27, 2021 at 03:15PM | September 27, 2021 at 05:33PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2021-0612 | In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425834. Published at: September 27, 2021 at 03:15PM | September 27, 2021 at 05:33PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2021-0611 | In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425810. Published at: September 27, 2021 at 03:15PM | September 27, 2021 at 05:33PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2021-0610 | In memory management driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05411456. Published at: September 27, 2021 at 03:15PM | September 27, 2021 at 05:33PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2021-0425 | In memory management driver, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05400059. Published at: September 27, 2021 at 03:15PM | September 27, 2021 at 05:33PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2021-0424 | In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05393787. Published at: September 27, 2021 at 03:15PM | September 27, 2021 at 05:33PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2021-0423 | In memory management driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05385714. Published at: September 27, 2021 at 03:15PM | September 27, 2021 at 05:33PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2021-0422 | In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381071. Published at: September 27, 2021 at 03:15PM | September 27, 2021 at 05:33PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2021-0421 | In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235. Published at: September 27, 2021 at 03:15PM | September 27, 2021 at 05:33PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-24930 | Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete arbitrary files. Published at: September 28, 2021 at 12:15AM | September 28, 2021 at 01:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20696 | A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field. Published at: September 28, 2021 at 01:15AM | September 28, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20695 | A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. Published at: September 28, 2021 at 01:15AM | September 28, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20693 | A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. Published at: September 28, 2021 at 01:15AM | September 28, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20692 | GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. Published at: September 28, 2021 at 01:15AM | September 28, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20691 | An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files. Published at: September 28, 2021 at 01:15AM | September 28, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20125 | EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load.php. Published at: September 29, 2021 at 02:15AM | September 29, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20124 | Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. Published at: September 29, 2021 at 02:15AM | September 29, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20122 | Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. Published at: September 29, 2021 at 02:15AM | September 29, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20120 | ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods. Published at: September 29, 2021 at 02:15AM | September 29, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-12030 | There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. Published at: September 29, 2021 at 11:15PM | September 30, 2021 at 01:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20781 | A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields. Published at: September 30, 2021 at 02:15AM | September 30, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20131 | LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module. Published at: September 30, 2021 at 01:15AM | September 30, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20129 | LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor. Published at: September 30, 2021 at 01:15AM | September 30, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20128 | LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers. Published at: September 30, 2021 at 01:15AM | September 30, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-18685 | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. Published at: September 30, 2021 at 05:15AM | September 30, 2021 at 08:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-18684 | Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. Published at: September 30, 2021 at 05:15AM | September 30, 2021 at 08:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-18683 | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. Published at: September 30, 2021 at 05:15AM | September 30, 2021 at 08:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20665 | | |
New vulnerabilities from the NVD: CVE-2020-20664 | | |
New vulnerabilities from the NVD: CVE-2020-20663 | libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_connection.c. Published at: September 30, 2021 at 08:15PM | September 30, 2021 at 09:33PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20662 | | |
New vulnerabilities from the NVD: CVE-2020-20746 | A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg. Published at: October 01, 2021 at 12:15AM | October 01, 2021 at 01:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20799 | JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter. Published at: October 01, 2021 at 01:15AM | October 01, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20797 | FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php. Published at: October 01, 2021 at 01:15AM | October 01, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-20796 | FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter. Published at: October 01, 2021 at 01:15AM | October 01, 2021 at 03:33AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-21014 | | |
New vulnerabilities from the NVD: CVE-2020-21013 | | |
New vulnerabilities from the NVD: CVE-2020-21012 | Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. Published at: October 01, 2021 at 10:15PM | October 01, 2021 at 11:33PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-21228 | JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. Published at: October 02, 2021 at 12:15AM | October 02, 2021 at 01:33AM via National Vulnerability Database