Search Results

There are 155,605 matching records.
Displaying matches 121 through 140.
Vuln ID | Summary | CVSS Severity
CVE-2020-35761

bloofoxCMS 0.5.2.1 is affected by XSS that allows remote attackers to execute arbitrary JS/HTML code.

Published: June 16, 2021; 12:15:07 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-35760

bloofoxCMS 0.5.2.1 is affected by Unrestricted File Upload that allows attackers to upload malicious files (e.g., PHP files).

Published: June 16, 2021; 12:15:07 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-35759

bloofoxCMS 0.5.2.1 is affected by a CSRF attack that leads to an attacker editing any file content (locally/remotely).

Published: June 16, 2021; 12:15:07 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-27339

An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in system management mode calls a function outside of SMRAM in response to a crafted software SMI, aka Inclusion of Functionality from an Untrusted Control Sphere. Modifying the well-known address of this function allows an attacker to gain control of the system with the privileges of system management mode.

Published: June 16, 2021; 12:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-24939

Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation.

Published: June 16, 2021; 12:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-22198

SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.

Published: June 16, 2021; 12:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-20444

Jact OpenClinic 0.8.20160412 allows an attacker to read server files after logging in to the admin account via a malicious 'file' GET parameter in '/shared/view_source.php', which "could" lead to an RCE vulnerability.

Published: June 16, 2021; 12:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34803

TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations.

Published: June 16, 2021; 11:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34801

Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.

Published: June 16, 2021; 11:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-27610

SAP NetWeaver ABAP Server and ABAP Platform, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, do not create information about internal and external RFC users in a consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.

Published: June 16, 2021; 11:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22914

Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by a malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.

Published: June 16, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-21668

Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.

Published: June 16, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-21667

Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.

Published: June 16, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-8300

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.

Published: June 16, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-8299

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffer from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.

Published: June 16, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-32928

The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947.

Published: June 16, 2021; 9:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-31857

In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.

Published: June 16, 2021; 9:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-31159

Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.

Published: June 16, 2021; 9:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-27485

ZOLL Defibrillator Dashboard, versions prior to 2.2: The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.

Published: June 16, 2021; 9:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-27483

ZOLL Defibrillator Dashboard, versions prior to 2.2: The affected products contain insecure filesystem permissions that could allow a lower-privilege user to escalate privileges to an administrative-level user.

Published: June 16, 2021; 9:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)