15108 matches found
CVE-2020-5640
Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors...
CVE-2020-5651
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL...
CVE-2020-5560
WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors...
CVE-2020-5659
SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2020-5547
Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet...
CVE-2020-36414
A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL slug" or "Extra" fields under the "Add Article" feature...
CVE-2020-36416
A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module...
CVE-2020-29142
A SQL injection vulnerability in interface/usergroup/usergroupadmin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedulefacility parameter when restrictuserfacility=on is in global settings...
CVE-2020-27466
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...
CVE-2020-23192
A stored cross-site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module...
CVE-2020-24716
OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories...
CVE-2020-21474
File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter...
CVE-2020-15884
A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order0dir field on POST requests to /datatables/data...
CVE-2020-10901
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
CVE-2014-9345
SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional aka AWP PRO 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the groupid parameter in a listzone action to cgi/client.cgi...
CVE-2018-16116
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter...
CVE-2010-5063
SQL injection vulnerability in article.php in Virtual War aka VWar 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter...
CVE-2010-5163
Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes...
CVE-2010-1012
SQL injection vulnerability in the CleanDB nfcleandb extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-1013
SQL injection vulnerability in the Diocese of Portsmouth Database pddiocesedatabase extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...