| Page(s) : 1 ... 808 809 810 811 812 813 814 815 816 817 [818] 819 820 821 822 823 824 825 826 827 828 ... | Result(s) : 43537 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 9.8 | 2020-12-24 | CVE-2020-29472 | cve | EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to p... |
| 9.8 | 2020-12-23 | CVE-2020-11720 | cve | An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the acc... |
| 9.8 | 2020-12-23 | CVE-2020-28070 | cve | SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter. |
| 9.8 | 2020-12-23 | CVE-2020-25190 | cve | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. |
| 9.8 | 2020-12-23 | CVE-2020-25196 | cve | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentica... |
| 9.8 | 2020-12-23 | CVE-2020-28073 | cve | SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. |
| 9.8 | 2020-12-23 | CVE-2020-28074 | cve | SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin. |
| 9.1 | 2020-12-23 | CVE-2020-29551 | cve | An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts ... |
| 9.8 | 2020-12-23 | CVE-2020-29552 | cve | An issue was discovered in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a... |
| 9.8 | 2020-12-23 | CVE-2020-35665 | cve | An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV cre... |
| 9.8 | 2020-12-23 | CVE-2020-13968 | cve | CRK Business Platform |
| 9.8 | 2020-12-22 | CVE-2020-24679 | cve | A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the ... |
| 9.8 | 2020-12-22 | CVE-2020-29583 | cve | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the... |
| 9.8 | 2020-12-22 | CVE-2020-24673 | cve | In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administrat... |
| 9.8 | 2020-12-22 | CVE-2020-28448 | cve | This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array. |
| 9.8 | 2020-12-22 | CVE-2020-25066 | cve | A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitra... |
| 9.8 | 2020-12-22 | CVE-2020-24675 | cve | In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimatel... |
| 9.1 | 2020-12-22 | CVE-2018-15632 | cve | Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty data... |
| 9.8 | 2020-12-22 | CVE-2020-24683 | cve | The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authenti... |
| 9.8 | 2020-12-21 | CVE-2020-8995 | cve | Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to... |
| Page(s) : 1 ... 808 809 810 811 812 813 814 815 816 817 [818] 819 820 821 822 823 824 825 826 827 828 ... | Result(s) : 43537 |
