Search Results (76990 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25507 | 1 3ds | 1 Teamwork Cloud | 2024-11-21 | 7.8 High |
| An incorrect permission assignment during the installation script of TeamworkCloud 18.0 through 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system environment file with world-writable permissions (0777 /etc/environment). Any local unprivileged user can execute arbitrary code simply by writing to /etc/environment, which will force all users, including root, to execute arbitrary code during the next login or reboot. In addition, the entire home directory of the twcloud user at /home/twcloud is recursively given world-writable permissions. This allows any local unprivileged attacker to execute arbitrary code as twcloud. This product was previously named Cameo Enterprise Data Warehouse (CEDW). | ||||
| CVE-2020-25499 | 1 Totolink | 26 A3002r, A3002r Firmware, A3002ru-v1 and 23 more | 2024-11-21 | 8.8 High |
| TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router. | ||||
| CVE-2020-25493 | 1 Oclean | 1 Oclean | 2024-11-21 | 7.5 High |
| Oclean Mobile Application 2.1.2 communicates with an external website using HTTP, so it is possible to eavesdrop on the network traffic. The content of the HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic. | ||||
| CVE-2020-25490 | 1 Sqreen | 1 Php Microagent | 2024-11-21 | 7.3 High |
| Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. | ||||
| CVE-2020-25487 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | 7.8 High |
| PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. | ||||
| CVE-2020-25465 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Null pointer dereference in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25464 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger. | ||||
| CVE-2020-25463 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25461 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25459 | 1 Webank | 1 Federated Ai Technology Enabler | 2024-11-21 | 7.5 High |
| An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 that allows attackers to read sensitive information during the training process of machine learning joint modeling. | ||||
| CVE-2020-25453 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 8.8 High |
| An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. | ||||
| CVE-2020-25445 | 1 Bookingcore | 1 Booking Core | 2024-11-21 | 7.8 High |
| The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. Input containing an Excel formula is not sanitized by the application. As a result, when an admin in the backend downloads and opens the CSV, the contents of the cells are executed. | ||||
| CVE-2020-25406 | 1 Lemocms | 1 Lemocms | 2024-11-21 | 7.3 High |
| app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload executable files. | ||||
| CVE-2020-25400 | 1 Taskcafe Project | 1 Taskcafe | 2024-11-21 | 7.5 High |
| Cross-domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allow remote attackers to access sensitive data such as the access token. | ||||
| CVE-2020-25399 | 1 Mind | 1 Imind Server | 2024-11-21 | 7.8 High |
| Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat. | ||||
| CVE-2020-25398 | 1 Mind | 1 Imind Server | 2024-11-21 | 8.8 High |
| CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. | ||||
| CVE-2020-25379 | 1 Recall-products Project | 1 Recall-products | 2024-11-21 | 8.8 High |
| WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter, which allows an authenticated attacker to inject a malicious SQL query. | ||||
| CVE-2020-25362 | 1 Online Shopping Alphaware Project | 1 Online Shopping Alphaware | 2024-11-21 | 7.5 High |
| The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an error-based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases. | ||||
| CVE-2020-25291 | 1 Kingsoft | 1 Wps Office | 2024-11-21 | 7.8 High |
| GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x. | ||||
| CVE-2020-25287 | 1 Pligg Project | 1 Pligg | 2024-11-21 | 7.2 High |
| Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. | ||||