| Page(s) : 1 ... 793 794 795 796 797 798 799 800 801 802 [803] 804 805 806 807 808 809 810 811 812 813 ... | Result(s) : 43532 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 9.8 | 2021-02-01 | CVE-2020-20294 | cve | An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. |
| 9.8 | 2021-02-01 | CVE-2020-20295 | cve | An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. |
| 9.8 | 2021-02-01 | CVE-2020-20296 | cve | An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL com... |
| 9.8 | 2021-02-01 | CVE-2020-21176 | cve | SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter. |
| 9.8 | 2021-02-01 | CVE-2020-21179 | cve | Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page. |
| 9.8 | 2021-02-01 | CVE-2020-21180 | cve | Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page. |
| 9.3 | 2021-02-01 | CVE-2021-21276 | cve | Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do... |
| 9.8 | 2021-02-01 | CVE-2019-20468 | cve | An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STOR... |
| 9.8 | 2021-02-01 | CVE-2020-15835 | cve | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as r... |
| 9.8 | 2021-02-01 | CVE-2020-15833 | cve | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that... |
| 9.8 | 2021-02-01 | CVE-2020-13859 | cve | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface... |
| 9.8 | 2021-02-01 | CVE-2020-13858 | cve | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are... |
| 9.8 | 2021-02-01 | CVE-2021-3378 | cve | FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspo... |
| 9.8 | 2021-01-30 | CVE-2020-15690 | cve | In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. |
| 9.8 | 2021-01-30 | CVE-2020-15568 | cve | TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.... |
| 9.8 | 2021-01-29 | CVE-2020-29557 | cve | An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remot... |
| 9.8 | 2021-01-29 | CVE-2021-26305 | cve | An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly alloca... |
| 9.8 | 2021-01-29 | CVE-2021-3346 | cve | Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template. |
| 9.1 | 2021-01-29 | CVE-2020-35547 | cve | A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data. |
| 9.6 | 2021-01-28 | CVE-2020-35124 | cve | A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of a... |
| Page(s) : 1 ... 793 794 795 796 797 798 799 800 801 802 [803] 804 805 806 807 808 809 810 811 812 813 ... | Result(s) : 43532 |
