Search Results (Refine Search)

Search Parameters:
There are 153,449 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2020-27244

An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Published: May 11, 2021; 7:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27243

An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Published: May 11, 2021; 7:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27242

An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Published: May 11, 2021; 7:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-32544

Special characters of IGT search function in igt+ are not filtered in specific fields, which allow remote authenticated attackers can inject malicious JavaScript and carry out DOM-based XSS (Cross-site scripting) attacks.

Published: May 11, 2021; 2:15:06 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2021-30174

RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks.

Published: May 11, 2021; 2:15:06 AM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2021-32563

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.

Published: May 11, 2021; 1:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-23575

A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server.

Published: May 10, 2021; 7:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-23376

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.

Published: May 10, 2021; 7:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-23374

Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.

Published: May 10, 2021; 7:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-23373

Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.

Published: May 10, 2021; 7:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-23371

Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.

Published: May 10, 2021; 7:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-23370

In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.

Published: May 10, 2021; 7:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-23369

In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.

Published: May 10, 2021; 7:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-32489

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product.

Published: May 10, 2021; 6:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-32399

net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.

Published: May 10, 2021; 6:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-32053

JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many simultaneous history requests.

Published: May 10, 2021; 5:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-21430

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generated code (Java, Scala) that deals with uploading or downloading binary data through API endpoints will create insecure temporary files during the process. Affected generators: `java` (jersey2, okhttp-gson (default library)), `scala-finch`. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.

Published: May 10, 2021; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-28600

An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Published: May 10, 2021; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27232

An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Published: May 10, 2021; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-18102

Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".

Published: May 10, 2021; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)