CVE-2020-20658 (libiec_iccp_mod)
Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denail of service when trying to calloc an unexpectiedly large space. Devamını Oku
Devamını oku
CVE-2020-15940 (forticlient_enterprise_management_server)
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server. Devamını Oku
CVE-2020-27406
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname. Devamını Oku
CVE-2020-35249
Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature. Devamını Oku
CVE-2020-27406 (dynpg)
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname. Devamını Oku
CVE-2020-35249 (elkarbackup)
Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature. Devamını Oku
CVE-2018-10909
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Devamını Oku
CVE-2021-20136
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution…
CVE-2020-28702
A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. Devamını Oku
CVE-2015-20019
The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues Devamını Oku
CVE-2015-20067
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a WordPress Devamını Oku
CVE-2018-25019
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server Devamını Oku