29 matches found
EUVD-2020-19219
Malware in sbrugna...
EUVD-2020-19222
Malware in sbrugna...
EUVD-2020-19220
Malware in sbrugna...
EUVD-2020-19221
Malware in sbrugna...
CVE-2020-26678
vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution...
CVE-2020-26679
vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other user's profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made to update their profil...
CVE-2020-26678
vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution...
CVE-2020-26677
Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API...
CVE-2020-26679
vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other user's profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made to update their profil...
CVE-2020-26680
In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other user's profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendered out onto the page, and this can be abused to...
CVE-2020-26677
Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API...
CVE-2020-26678
vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution...
CVE-2020-26680
In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other user's profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendered out onto the page, and this can be abused to...
Cross site scripting
In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other user's profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendered out onto the page, and this can be abused to...
Remote code execution
vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution...
SQL injection
Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API...
Cross site scripting
vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other user's profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made to update their profil...
CVE-2020-26677
Summary: CVE-2020-26677 affects the vFairs 3.3 virtual conference platform. The affected component is the API, where any logged-in user can perform SQL injection by sending a malicious query. The connected documents corroborate the vulnerability description across sources (NVD entry and CNVD peer). I...
CVE-2020-26677
Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API...
CVE-2020-26680
CVE-2020-26680 affects vFairs 3.3, where any logged-in user can modify another user’s profile to inject an XSS payload. The vulnerability stems from HTML tags stored in database-backed user data that are rendered on pages, enabling cross-site scripting. The provided documents do not specify a con...