Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1303 matches found

NVD
NVDadded 2020/07/28 5:15 p.m.8 views

CVE-2020-15616

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the package parameter, the...

7.8CVSS7.5AI score0.0401EPSS
Exploits0References1
NVD
NVDadded 2020/07/28 5:15 p.m.14 views

CVE-2020-15619

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the type parameter, the...

7.8CVSS7.5AI score0.0383EPSS
Exploits0References1
Prion
Prionadded 2020/07/28 5:15 p.m.14 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the id parameter, the...

7.8CVSS7.5AI score0.0401EPSS
Exploits0References1Affected Software1
Prion
Prionadded 2020/07/28 5:15 p.m.12 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the type parameter, the...

7.8CVSS7.5AI score0.0383EPSS
Exploits0References1Affected Software1
Prion
Prionadded 2020/07/28 5:15 p.m.16 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the term parameter, the proce...

7.8CVSS7.5AI score0.0383EPSS
Exploits0References1Affected Software1
Prion
Prionadded 2020/07/28 5:15 p.m.13 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxaddmailbox.php. When parsing the username parameter, the...

7.8CVSS7.5AI score0.0383EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2020/07/28 5:1 p.m.14 views

CVE-2020-15626

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the term parameter, the proce...

7.5CVSS7.5AI score0.0383EPSS
Exploits0References1
Cvelist
Cvelistadded 2020/07/28 5:1 p.m.16 views

CVE-2020-15622

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the search parameter, the...

7.5CVSS7.5AI score0.0383EPSS
Exploits0References1
Cvelist
Cvelistadded 2020/07/28 5:1 p.m.13 views

CVE-2020-15619

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the type parameter, the...

7.5CVSS7.5AI score0.0383EPSS
Exploits0References1
OSV
OSVadded 2020/07/20 3:15 p.m.1 views

CVE-2020-14491

OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information...

6.5CVSS6.9AI score0.00839EPSS
Exploits0References1
NVD
NVDadded 2020/07/20 3:15 p.m.9 views

CVE-2020-14485

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries...

9.8CVSS9.7AI score0.02545EPSS
Exploits0References1
Cvelist
Cvelistadded 2020/07/20 2:45 p.m.11 views

CVE-2020-14485

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries...

9.7AI score0.02545EPSS
Exploits0References1
NVD
NVDadded 2020/07/16 6:15 p.m.18 views

CVE-2020-3378

A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An...

4.3CVSS0.00691EPSS
Exploits0References1
Cvelist
Cvelistadded 2020/07/16 5:21 p.m.22 views

CVE-2020-3378 Cisco SD-WAN vManage Software SQL Injection Vulnerability

A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An...

4.3CVSS5AI score0.00691EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2020/07/16 12:0 a.m.26 views

Advantech iView User setUserAccountInfo SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the User class. The issue results from the lack of proper validation of a...

7.5CVSS0.6AI score0.04922EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2020/07/16 12:0 a.m.26 views

Advantech iView LinksTable deleteLinks SQL Injection Remote code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the deleteLinks method of the LinksTable class. The issue...

9.8CVSS2.5AI score0.04922EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2020/07/16 12:0 a.m.30 views

Advantech iView DeviceTreeTable getUpdateDeviceListDetails SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeviceTreeTable class. The issue results from the lack of proper validation ...

7.5CVSS1.7AI score0.04922EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2020/07/16 12:0 a.m.18 views

Advantech iView TrapEventConfig retrieveDeviceTrapConfig SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the retrieveDeviceTrapConfig method of the TrapEventConfig...

9.8CVSS3.6AI score0.04922EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2020/07/16 12:0 a.m.23 views

Advantech iView ConfigurationTable setConfigurationItem SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the setConfigurationItem method of the...

7.5CVSS1.1AI score0.04922EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2020/07/16 12:0 a.m.21 views

Advantech iView ZTPConfigTable findConfiguration SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZTPConfigTable class. The issue results from the lack of proper validation of a...

9.8CVSS1.9AI score0.04922EPSS
Exploits0References1
Rows per page
Query Builder