Microsoft SharePoint Server Remote Code Execution (CVE-2020-16951)
A remote code execution vulnerability exists in Microsoft SharePoint server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Linksys RE6500 Remote Code Execution
A remote code execution vulnerability exists in Linksys RE6500. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PHPGurukul Admin Panel SQL Injection (CVE-2020-25952)
An SQL Injection vulnerability exists in PHPGurukul Admin Panel. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
OsCommerce Phoenix CE Command Injection (CVE-2020-27976)
A command injection vulnerability exists in OsCommerce Phoenix CE. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Media Foundation Information Disclosure (CVE-2020-0939)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Apache SkyWalking Storage SQL Injection (CVE-2020-13921)
An SQL injection vulnerability exists in Apache SkyWalking MySQL storage implementation. The vulnerability is due to insufficient validation of the user supplied input for wildcard alarm search query through GraphQL protocol...
Web Servers Memory Corruption Attempt (CVE-2020-12000; CVE-2020-13934; CVE-2020-3239; CVE-2020-9490)
A memory corruption vulnerability can be exploited by malicious actors. Successful exploitation could cause damage to target systems...
Nagios XI ajaxhelper.php Command Injection (CVE-2020-15901)
A command injection vulnerability exists in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the ajaxhelper.php script...
Apache SkyWalking Storage SQL Injection (CVE-2020-9483)
An SQL injection vulnerability exists in Apache SkyWalking H2 storage implementation. The vulnerability is due to insufficient validation of the user-supplied input for metadata query through GraphQL protocol...
PHP Arbitrary File Upload (CVE-2020-12255; CVE-2020-23828)
Malicious PHP files can be uploaded to a server due to improper validation. Successful exploitation could result in execution of arbitrary code on the target system...
Web Servers Directory Traversal Attempt (CVE-2020-10631; CVE-2020-13158; CVE-2020-13886; CVE-2020-3240)
A directory traversal vulnerability exists in web servers. Successful exploitation of this vulnerability could result in information disclosure or execution of arbitrary code...
Trend Micro IWSVA Remote Code Execution (CVE-2020-8466)
A remote code execution vulnerability exists in Trend Micro IWSVA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Nagios XI SNMP Trap SQL Injection
An SQL injection vulnerability exists in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the SNMP Trap edit functionality...
Microsoft SharePoint Remote Code Execution (CVE-2020-1210)
A remote code execution vulnerability exists in Microsoft SharePoint. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
TP-Link TL-WR849N Routers Remote Code Execution (CVE-2020-9374)
A command execution vulnerability exists in TP-Link TL-WR849N firmware 0.9.1 4.16. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Veeam ONE SSRSReport XML External Entity Injection (CVE-2020-15418)
An XML external entity injection vulnerability exists in Veeam ONE. The vulnerability is due to insufficient handling of XML external entities in requests submitted to the server...
WordPress Canto Plugin Server-Side Request Forgery (CVE-2020-28976; CVE-2020-28977; CVE-2020-28978)
A server-side request forgery vulnerability exists in WordPress Canto Plugin. The vulnerability is due to a lack of validation on the subdomain parameter in HTTP requests. Successful exploitation of this vulnerability could allow an unauthenticated attacker to make a request to any internal and...
IBM Spectrum Protect Plus Command Injection (CVE-2020-4206)
A command injection vulnerability exists in IBM Spectrum Protect Plus. The vulnerability is due to a lack of input validation in the Administrative Console service when parsing the timezone parameter...
Trend Micro IMSVA External Entity Injection (CVE-2020-27017)
An XXE vulnerability exists in Trend Micro InterScan Messaging Virtual Appliance. The vulnerability is due to insufficient validation of XML data in the Java class PolicyWSAction...
ISC BIND DNS Server Denial of Service (CVE-2020-8620)
A denial-of-service vulnerability exists in ISC BIND DNS Server. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Micro Focus Secure Messaging Gateway Command Injection (CVE-2020-11852)
A command injection vulnerability exists in Micro Focus Secure Messaging Gateway. The vulnerability is due to improper validation of SaveData parameter within managedomainssavedata.json.php...
FasterXML jackson-databind Remote Code Execution (CVE-2020-14645; CVE-2020-24616; CVE-2020-8840)
FasterXML jackson-databind is a Java library that contains the general-purpose data-binding functionality and tree-model for the Jackson Data Processor. Under the right conditions, an attacker can exploit Java applications performing unsafe deserialization of objects. Successful exploitation of unsafe deserializatio...
Apache Unomi Remote Code Execution (CVE-2020-13942)
A remote code execution vulnerability exists in the Apache Unomi project. The vulnerability is due to insufficient validation of OGNL and MVEL2. Successful exploitation of this vulnerability could result in execution of arbitrary code...
Web Servers Buffer Overflow Attempt (CVE-2020-3119; CVE-2020-3120; CVE-2020-3172; CVE-2020-8450)
A buffer overflow vulnerability can be exploited by sending a parameter with size larger than can be stored in a buffer. Successful exploitation could result in execution of arbitrary code on the target system or denial of service conditions...
Apache Kylin Remote Code Execution (CVE-2020-1956)
A command execution vulnerability exists in Apache Kylin 2.3.2. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Netkit Telnet Buffer Overflow (CVE-2020-10188)
A buffer overflow vulnerability exists in Netkit Telnet Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
McAfee ePolicy Orchestrator Reflected Cross Site Scripting (CVE-2020-7318)
A reflected cross site scripting vulnerability exists in McAfee ePolicy Orchestrator. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...
Mozilla Firefox Memory Corruption (CVE-2020-6806)
A memory corruption vulnerability exists in Mozilla Firefox. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Privilege Escalation (CVE-2016-3225)
A privilege escalation vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Online Bus Ticket Reservation Project SQL Injection (CVE-2020-35378)
An SQL injection vulnerability exists in Online Bus Ticket Reservation. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
SourceCodester Sales and Inventory System SQL Injection (CVE-2020-28133)
An SQL injection vulnerability exists in SourceCodester Sales and Inventory System. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Bloodx Project SQL Injection (CVE-2020-29282)
An SQL injection vulnerability exists in Bloodx Project. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Advantech R-SeeNet SQL Injection (CVE-2020-25157)
A SQL injection vulnerability exists in Advantech R-SeeNet. The vulnerability is due to insufficient validation on the deviceid parameter within deviceposition.php...
ISC BIND TKEY Queries Assertion Failure (CVE-2015-5477)
A denial of service vulnerability has been reported in ISC BIND DNS servers. The vulnerability is due to the way that the DNS server improperly handles invalid TKEY resource records. A remote attacker may exploit this issue by sending a specially crafted DNS query to a DNS server. Successful...
Microsoft Windows Privilege Escalation (CVE-2016-0096)
A privilege escalation vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Nagios XI Graph Explorer Cross-Site Scripting (CVE-2020-15902)
A cross-site scripting vulnerability exists in Nagios XI. This vulnerability is due to improper validation of the link parameter in visFunctions.inc.php...
Apache Tapestry Information Disclosure (CVE-2020-13953)
An information disclosure vulnerability exists in Apache Tapestry. This vulnerability is due to URL manipulation that allows Java webapp files inside WEB-INF to be listed and downloaded...
McAfee VirusScan Enterprise Remote Code Execution (CVE-2016-8020)
A remote code execution vulnerability exists in McAfee VirusScan Enterprise. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Trend Micro Threat Discovery Appliance Directory Traversal (CVE-2016-7552)
An authentication bypass vulnerability exists in Trend Micro Threat Discovery Appliance. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Joomla! Remote Code Execution (CVE-2020-10238; CVE-2020-10239; CVE-2021-23132)
A remote code execution vulnerability exists in Joomla!. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
XStream Remote Code Execution (CVE-2020-26217)
A remote code execution vulnerability exists in XStream. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Dubbo Remote Code Execution (CVE-2020-1948)
A remote code execution vulnerability exists in Apache Dubbo. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Cisco Jabber Cross-Site Scripting (CVE-2020-26085)
A cross site scripting vulnerability exists in Cisco Jabber. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Apache Struts Remote Code Execution (CVE-2020-17530)
A remote code execution vulnerability exists in Apache Struts. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Pligg CMS Cross Site Request Forgery (CVE-2015-6655)
A cross site request forgery vulnerability exists in Pligg CMS. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Cisco AnyConnect Secure Mobility Client Privilege Escalation (CVE-2020-3153)
A vulnerability exists in Cisco AnyConnect Secure Mobility Client. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Nagios Log Server Mail Settings Cross-Site Scripting
A stored cross-site scripting vulnerability exists in Nagios Log Server. The vulnerability is due to insufficient validation of user input in HTTP requests submitted to mail.php endpoint...
Web Servers Cross-Site Scripting Attempt (CVE-2020-10820; CVE-2020-10821; CVE-2020-11930; CVE-2020-12256; CVE-2020-12259; CVE-2020-1943; CVE-2020-2096)
Remote attackers may attempt to exploit web servers vulnerable to cross-site scripting vulnerabilities. Successful exploitation could result in damaging user systems...
Oracle Fusion Middleware OiT Component Multiple Vulnerabilities (CVE-2016-3593)
Multiple vulnerabilities exist in the Oracle Fusion Middleware Outside In Technology component. Successful exploitation of these vulnerabilities could allow a remote attacker to damage the user's system...
SolarWinds SUPERNOVA .NET Webshell Traffic
SolarWinds SUPERNOVA .NET Webshell is a malicious application that allows remote attackers to gain access to an affected system...