The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.
Max CVSS: 6.1 | EPSS Score: 0.19% | Published: 2020-02-28 | Updated: 2021-07-21

CVE-2020-9465

Public exploit
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.
Max CVSS: 9.8 | EPSS Score: 0.16% | Published: 2020-02-28 | Updated: 2021-02-23
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
Max CVSS: 9.0 | EPSS Score: 76.26% | Published: 2020-02-28 | Updated: 2020-03-03
Multiple stored cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allow remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings.
Max CVSS: 5.4 | EPSS Score: 0.09% | Published: 2020-02-28 | Updated: 2020-03-02
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.
Max CVSS: 8.8 | EPSS Score: 0.10% | Published: 2020-02-28 | Updated: 2020-03-04
There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Uploading a file with a malicious filename that contains JavaScript code results in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking.
Max CVSS: 6.1 | EPSS Score: 0.13% | Published: 2020-02-28 | Updated: 2021-12-21
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2020-02-28 | Updated: 2020-03-03
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Max CVSS: 9.1 | EPSS Score: 0.11% | Published: 2020-02-27 | Updated: 2020-02-28
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Max CVSS: 9.1 | EPSS Score: 0.11% | Published: 2020-02-27 | Updated: 2020-02-28
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Max CVSS: 9.1 | EPSS Score: 0.11% | Published: 2020-02-27 | Updated: 2020-02-28
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
Max CVSS: 7.5 | EPSS Score: 0.47% | Published: 2020-02-27 | Updated: 2021-07-21
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.
Max CVSS: 7.5 | EPSS Score: 0.71% | Published: 2020-02-27 | Updated: 2021-02-09
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.
Max CVSS: 7.5 | EPSS Score: 0.36% | Published: 2020-02-27 | Updated: 2021-12-30
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.
Max CVSS: 7.5 | EPSS Score: 0.28% | Published: 2020-02-27 | Updated: 2021-07-21
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
Max CVSS: 5.3 | EPSS Score: 0.09% | Published: 2020-02-26 | Updated: 2023-09-28
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
Max CVSS: 9.8 | EPSS Score: 2.20% | Published: 2020-02-26 | Updated: 2023-09-28
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-02-26 | Updated: 2023-09-28
The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.
Max CVSS: 5.5 | EPSS Score: 0.06% | Published: 2020-02-28 | Updated: 2021-07-21
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
Max CVSS: 9.8 | EPSS Score: 0.14% | Published: 2020-02-25 | Updated: 2020-03-03
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.
Max CVSS: 8.8 | EPSS Score: 0.07% | Published: 2020-02-25 | Updated: 2020-02-26
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS.
Max CVSS: 7.2 | EPSS Score: 0.08% | Published: 2020-02-25 | Updated: 2020-02-26
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.
Max CVSS: 5.5 | EPSS Score: 0.06% | Published: 2020-02-25 | Updated: 2022-04-18
A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2020-02-25 | Updated: 2020-02-26
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
Max CVSS: 7.1 | EPSS Score: 0.05% | Published: 2020-02-25 | Updated: 2022-10-29
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2020-02-24 | Updated: 2021-07-21
1394 vulnerabilities found