2483 matches found
CVE-2020-27976
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option...
CVE-2020-27975
osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF...
Cross-site request forgery (CSRF)
osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF...
CVE-2020-27975
CVE-2020-27975 affects osCommerce Phoenix CE prior to 1.0.5.4, with a Cross-Site Request Forgery in admin/define_language.php. The vulnerability is documented across multiple feeds (NVD entry and Red Hat/CNVD mirrors) as CSRF, indicating that unauthenticated or unintended requests could affect la...
CVE-2020-27976
osCommerce Phoenix CE prior to 1.0.5.4 is affected by a remote OS command injection via admin/mail.php where a from POST parameter can reach the PHP mail function and the sendmail -f option. Root cause is command injection in processing the from parameter, enabling remote code execution per the C...
Security Bulletin: CVE-2020-15190 for Tensorflow in Watson Machine Learning Community Edition
Summary: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.raw_ops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor...
ce-consultbg.com Cross Site Scripting vulnerability OBB-1403452
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Microsoft Windows XP Source Code Reportedly Leaked Online
Microsoft's long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server 2003. Yes, you heard that right. The source code for Microsoft's 19-year-old operating system was...
CVE-2020-24718
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying...
CVE-2020-10227
A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email...
CVE-2020-10228
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution...
Unrestricted file upload
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution...
CVE-2020-10227
CVE-2020-10227 describes a cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE, where an attacker can inject arbitrary JavaScript via the From field of an email. Affected component: vtenext/vtecrm 19 CE, Messages module. Root cause: input handling in the email ...
CVE-2020-10228
CVE-2020-10228 affects vtecrm/vtenext 19 CE and is a file upload vulnerability that allows authenticated users to upload a .pht file, enabling remote code execution. Public discussions and exploits exist (e.g., Exploit-DB) describing the chain to achieve RCE. Multiple catalogs (NVD, Red Hat, CNVD...
CVE-2020-10229
CVE-2020-10229 describes a CSRF vulnerability in VTENEXT 19 CE (vtecrm) that enables an attacker to perform administrator-level actions on behalf of a logged-in admin, including uploading files, adding users, and deleting accounts. Public sources in the connected set include references to Red Hat...