7206 matches found
CVE-2020-18185
Removed by vendor...
CVE-2020-18185
Affected software : PluXml 5.7. Vulnerability component : class.plx.admin.php. Root cause / impact : Allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment, enabling code execution with the stated impact to confidentiality, integrity, and availab...
CVE-2020-18184
Removed by vendor...
CVE-2020-18184
In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametresedittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...
CVE-2020-26124
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...
Code injection
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...
FreeBSD : tt-rss -- multiple vulnerabilities (2eec1e85-faf3-11ea-8ac0-4437e6ad11c4)
tt-rss project reports : The cachedurl feature mishandles JavaScript inside an SVG document. imgproxy in plugins/afproxyhttp/init.php mishandles $REQUEST'url' in an error message. It does not validate all URLs before requesting them. Allows remote attackers to execute arbitrary PHP code via a...
CVE-2020-15849
Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for...
Sql injection
Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for...
CVE-2020-15849
Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for...
CVE-2020-12842
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php...
CVE-2020-12839
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php...
CVE-2020-12839
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php...
Privilege escalation
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php...
Privilege escalation
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php...
Privilege escalation
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php...
CVE-2020-12838
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php...
CVE-2020-12842
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php...
CVE-2020-12842
CVE-2020-12842 affects ismartgate PRO 1.5.9. Red Hat and CNVD entries describe a privilege-escalation in /cron/checkUserExpirationDate.php via appended PHP code. No exploitation details are provided in the connected documents. Impact is described as privilege escalation; remediation is not specif...
CVE-2020-12839
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php...