30 matches found
CVE-2026-6320
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...
CVE-2025-6320
A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System 1.0. Affected is an unknown function of the file /admin/add-class.php. The manipulation of the argument classname leads to SQL injection. It is possible to launch the attack remotely. The explo...
CVE-2025-6320
CVE-2025-6320 affects PHPGurukul Pre-School Enrollment System 1.0. A vulnerability in the file /admin/add-class.php arises from manipulation of the classname parameter, leading to SQL injection. Descriptions from CNVD/CNNVD/Red Hat and other sources indicate remote exploitation and that the explo...
CVE-2025-6320 PHPGurukul Pre-School Enrollment System add-class.php SQL injection
A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System 1.0. Affected is an unknown function of the file /admin/add-class.php. The manipulation of the argument classname leads to SQL injection. It is possible to launch the attack remotely. The explo...
CVE-2020-6320
SAP Marketing Servlet, versions 130, 140, 150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiali...
CVE-2024-6320
creationtimestamp | type | source
---|---|---
2024-07-09 10:59:22+00:00 | seen | https://t.me/cvedetector/264...
CVE-2023-6320 Command injection in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this...
Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in Novemb...
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6320-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6320-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...
CVE-2020-6320
The CVE-2020-6320 entry concerns SAP Marketing (Servlet) versions 130, 140, and 150 with an improper access control issue. An authenticated attacker can invoke functions that are restricted, possibly affecting contact/interaction data and impacting Confidentiality and Integrity of the application...
CVE-2019-6320
The CVE-2019-6320 entry affects HP DeskJet 3630 All-in-One Printers (models F5S43A–F5S57A, K4T93A–K4T99C, K4U00B–K4U03B, V3F21A–V3F22A) with firmware SWP1FN1912BR or higher. The vulnerability is a Cross-Site Request Forgery (CSRF) that could cause denial of service or device misconfiguration. Doc...
CVE-2018-6320
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure PCS 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an https Host header received from the browser is trusted without validation...
CVE-2018-6320
CVE-2018-6320 affects Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) where login.cgi improperly validates the http(s) Host header. Affected versions: PCS 8.1RX pre-8.1R12 and 8.3RX pre-8.3R2; PPS 5.2RX pre-5.2R9 and 5.4RX pre-5.4R2. The issue arises from trusting the Host header receive...
CVE-2017-6320
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability...
CVE-2017-6320
Barracuda Load Balancer product line is affected by CVE-2017-6320. The flaw is a remote command-injection due to unsanitized data processed in a system call during the delete_assessment command, exploitable by an authenticated user to run arbitrary shell commands and gain root privileges. Affecte...
Barracuda Load Balancer Firmware 6.0.1.006 - Remote Command Injection (Metasploit)
Barracuda Load Balancer Firmware 6.0.1.006 - Remote Command Injection (Metasploit). This module exploits a remote command execution vulnerability in the Barracuda Load Balancer Firmware Version = v6.0.1.006 2016-08-...
CVE-2014-6320
...
CVE-2014-6320
This CVE entry is rejected/not used; the candidate was not associated with any vulnerability.
CVE-2016-6320
CVE-2016-6320 describes a Cross-Site Scripting (XSS) vulnerability in Foreman’s web UI, specifically in the file app/assets/javascripts/host_edit_interfaces.js. The issue allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the ho...
CVE-2016-6320
Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form...