Export limit exceeded: 74785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24046 | 1 Titanhq | 1 Spamtitan | 2024-11-21 | 7.2 High |
| A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login. | ||||
| CVE-2020-24045 | 1 Titanhq | 1 Spamtitan | 2024-11-21 | 7.2 High |
| A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script wmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar. | ||||
| CVE-2020-24036 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 8.8 High |
| PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | ||||
| CVE-2020-24034 | 1 Sagemcom | 2 F\@st 5280 Router, F\@st 5280 Router Firmware | 2024-11-21 | 8.8 High |
| Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise. | ||||
| CVE-2020-24033 | 1 Fs | 2 S3900 24t4s, S3900 24t4s Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with escalated privileges. | ||||
| CVE-2020-24020 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-23996 | 1 Ilias | 1 Ilias | 2024-11-21 | 8.8 High |
| A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. | ||||
| CVE-2020-23972 | 1 Gmapfp | 1 Gmapfp | 2024-11-21 | 7.5 High |
| In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions. | ||||
| CVE-2020-23971 | 1 Gmapfp | 1 Gmapfp | 2024-11-21 | 7.5 High |
| gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions. | ||||
| CVE-2020-23968 | 1 Ilex | 1 International Sign\&go | 2024-11-21 | 7.8 High |
| Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log. | ||||
| CVE-2020-23967 | 1 Drweb | 1 Security Space | 2024-11-21 | 7.8 High |
| Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate. | ||||
| CVE-2020-23960 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 8.8 High |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale. | ||||
| CVE-2020-23945 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 7.5 High |
| A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database. | ||||
| CVE-2020-23934 | 1 Ritecms | 1 Ritecms | 2024-11-21 | 8.8 High |
| An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section. | ||||
| CVE-2020-23931 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.1 High |
| An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | ||||
| CVE-2020-23928 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.1 High |
| An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | ||||
| CVE-2020-23922 | 2 Apache, Giflib Project | 2 Bookkeeper, Giflib | 2024-11-21 | 7.1 High |
| An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. | ||||
| CVE-2020-23921 | 1 Fast Ber Project | 1 Fast Ber | 2024-11-21 | 7.1 High |
| An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_compiler.hpp has a heap-based buffer over-read. | ||||
| CVE-2020-23909 | 1 Advancemame | 1 Advancemame | 2024-11-21 | 7.1 High |
| Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1. | ||||
| CVE-2020-23879 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | 7.5 High |
| pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject. | ||||