National Vulnerability Database

Search Results

There are 136,472 matching records.
Displaying matches 1 through 20.
Columns: Vuln ID, Summary, CVSS Severity
CVE-2020-9291

An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.

Published: June 01, 2020; 03:15:10 PM -04:00
(not available)
CVE-2020-13758

modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.

Published: June 01, 2020; 03:15:10 PM -04:00
(not available)
CVE-2020-13757

Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).

Published: June 01, 2020; 03:15:10 PM -04:00
(not available)
CVE-2019-15709

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.

Published: June 01, 2020; 03:15:09 PM -04:00
(not available)
CVE-2020-13695

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file.

Published: June 01, 2020; 02:15:11 PM -04:00
(not available)
CVE-2014-9702

system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request.

Published: June 01, 2020; 01:15:12 PM -04:00
(not available)
CVE-2014-8945

admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.

Published: June 01, 2020; 01:15:12 PM -04:00
(not available)
CVE-2014-8944

Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.

Published: June 01, 2020; 01:15:12 PM -04:00
(not available)
CVE-2014-8943

Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.

Published: June 01, 2020; 01:15:12 PM -04:00
(not available)
CVE-2014-8942

Lexiglot through 2014-11-20 allows CSRF.

Published: June 01, 2020; 01:15:12 PM -04:00
(not available)
CVE-2014-8941

Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.

Published: June 01, 2020; 01:15:12 PM -04:00
(not available)
CVE-2014-8940

Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.

Published: June 01, 2020; 01:15:12 PM -04:00
(not available)
CVE-2014-8939

Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.

Published: June 01, 2020; 01:15:12 PM -04:00
(not available)
CVE-2014-8938

Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.

Published: June 01, 2020; 01:15:12 PM -04:00
(not available)
CVE-2014-8937

Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.

Published: June 01, 2020; 01:15:12 PM -04:00
(not available)
CVE-2014-7175

FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.

Published: June 01, 2020; 01:15:11 PM -04:00
(not available)
CVE-2014-7174

FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.

Published: June 01, 2020; 01:15:11 PM -04:00
(not available)
CVE-2014-7173

FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php.

Published: June 01, 2020; 01:15:11 PM -04:00
(not available)
CVE-2020-13694

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option.

Published: June 01, 2020; 12:15:14 PM -04:00
(not available)
CVE-2020-13448

QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.

Published: June 01, 2020; 12:15:14 PM -04:00
(not available)