CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1101 CVE-2020-8655 269 2020-02-07 2020-03-03
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.
1102 CVE-2020-8654 78 2020-02-07 2020-03-03
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.
1103 CVE-2020-8636 306 Exec Code 2020-02-06 2020-02-12
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution .
1104 CVE-2020-8599 434 Bypass 2020-03-18 2020-03-19
10.0
None Remote Low Not required Complete Complete Complete
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
1105 CVE-2020-8598 20 Exec Code 2020-03-18 2020-03-19
10.0
None Remote Low Not required Complete Complete Complete
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
1106 CVE-2020-8584 94 Exec Code 2021-01-08 2021-01-13
10.0
None Remote Low Not required Complete Complete Complete
Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.
1107 CVE-2020-8515 74 Exec Code 2020-02-01 2020-03-31
10.0
None Remote Low Not required Complete Complete Complete
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
1108 CVE-2020-8481 200 +Info 2020-04-29 2020-05-12
10.0
None Remote Low Not required Complete Complete Complete
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer.
1109 CVE-2020-8470 20 2020-03-18 2020-03-19
9.4
None Remote Low Not required None Complete Complete
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
1110 CVE-2020-8465 287 Exec Code Bypass CSRF 2020-12-17 2020-12-22
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
1111 CVE-2020-8445 20 2020-01-30 2020-07-27
10.0
None Remote Low Not required Complete Complete Complete
In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitted in messages processed by ossec-analysisd, it may be possible to inject nested events into the ossec log. Use of terminal control characters may allow obfuscating events or executing commands when viewed through vulnerable terminal emulators. This may be an unauthenticated remote attack for certain types and origins of logged data.
1112 CVE-2020-8438 78 Exec Code 2020-01-29 2020-01-31
9.0
None Remote Low ??? Complete Complete Complete
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring.
1113 CVE-2020-8432 415 Exec Code 2020-01-29 2021-03-26
10.0
None Remote Low Not required Complete Complete Complete
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
1114 CVE-2020-8429 20 Bypass 2020-02-11 2020-02-25
9.0
None Remote Low ??? Complete Complete Complete
The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs function was used as a variable in a command to read log files; however, due to poor input sanitisation, it was possible to bypass a replacement and break out of the command.
1115 CVE-2020-8427 78 Sql Bypass 2020-02-17 2020-06-19
9.0
None Remote Low ??? Complete Complete Complete
In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.
1116 CVE-2020-8423 120 Exec Code Overflow 2020-04-02 2020-04-06
9.0
None Remote Low ??? Complete Complete Complete
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.
1117 CVE-2020-8298 77 2021-03-04 2021-03-09
10.0
None Remote Low Not required Complete Complete Complete
fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.
1118 CVE-2020-8289 295 Exec Code 2020-12-27 2020-12-31
9.3
None Remote Medium Not required Complete Complete Complete
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.
1119 CVE-2020-8283 269 Exec Code 2020-12-14 2020-12-17
9.0
None Remote Low ??? Complete Complete Complete
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
1120 CVE-2020-8273 78 2020-11-16 2020-11-30
9.0
None Remote Low ??? Complete Complete Complete
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
1121 CVE-2020-8271 22 Exec Code Dir. Trav. 2020-11-16 2020-11-30
10.0
None Remote Low Not required Complete Complete Complete
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
1122 CVE-2020-8270 78 Exec Code 2020-11-16 2020-12-03
9.0
None Remote Low ??? Complete Complete Complete
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342
1123 CVE-2020-8269 269 Exec Code 2020-11-16 2020-12-03
9.0
None Remote Low ??? Complete Complete Complete
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
1124 CVE-2020-8234 613 2020-08-21 2020-08-31
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection.
1125 CVE-2020-8233 78 Exec Code 2020-08-17 2020-10-11
9.0
None Remote Low ??? Complete Complete Complete
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
1126 CVE-2020-8178 78 2020-07-15 2020-07-21
10.0
None Remote Low Not required Complete Complete Complete
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
1127 CVE-2020-8174 119 Overflow Mem. Corr. 2020-07-24 2021-01-20
9.3
None Remote Medium Not required Complete Complete Complete
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
1128 CVE-2020-8087 Exec Code 2020-01-27 2020-02-04
10.0
None Remote Low Not required Complete Complete Complete
SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument.
1129 CVE-2020-8010 20 Exec Code 2020-02-18 2020-07-31
10.0
None Remote Low Not required Complete Complete Complete
CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
1130 CVE-2020-8001 798 2020-01-27 2020-01-30
10.0
None Remote Low Not required Complete Complete Complete
The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account.
1131 CVE-2020-8000 798 2020-01-27 2020-01-31
10.0
None Remote Low Not required Complete Complete Complete
Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account.
1132 CVE-2020-7998 434 2020-01-28 2020-02-04
9.0
None Remote Low ??? Complete Complete Complete
An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service.
1133 CVE-2020-7995 287 2020-01-26 2020-01-30
10.0
None Remote Low Not required Complete Complete Complete
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
1134 CVE-2020-7980 78 Exec Code 2020-01-25 2020-01-29
10.0
None Remote Low Not required Complete Complete Complete
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.
1135 CVE-2020-7825 78 Exec Code 2020-07-17 2020-07-23
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll module of MiPlatform.
1136 CVE-2020-7805 78 Exec Code 2020-05-07 2020-05-14
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands.
1137 CVE-2020-7799 74 Exec Code 2020-01-28 2020-02-06
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.
1138 CVE-2020-7772 2020-11-15 2020-11-30
10.0
None Remote Low Not required Complete Complete Complete
This affects the package doc-path before 2.1.2.
1139 CVE-2020-7745 94 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.
1140 CVE-2020-7594 78 Exec Code 2020-01-21 2020-01-29
9.0
None Remote Low ??? Complete Complete Complete
MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function.
1141 CVE-2020-7505 494 Exec Code 2020-06-16 2020-06-17
9.0
None Remote Low ??? Complete Complete Complete
A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system.
1142 CVE-2020-7468 755 +Priv 2021-03-26 2021-04-01
9.0
None Remote Low ??? Complete Complete Complete
In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges.
1143 CVE-2020-7452 20 Exec Code 2020-04-29 2020-05-06
9.0
None Remote Low ??? Complete Complete Complete
In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel.
1144 CVE-2020-7384 77 Exec Code 2020-10-29 2021-02-03
9.3
None Remote Medium Not required Complete Complete Complete
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
1145 CVE-2020-7376 22 Dir. Trav. 2020-08-24 2020-09-02
10.0
None Remote Low Not required Complete Complete Complete
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host.
1146 CVE-2020-7361 78 2020-08-06 2020-08-10
9.0
None Remote Low ??? Complete Complete Complete
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an elevated SYSTEM context on the underlying Windows operating system.
1147 CVE-2020-7357 78 Exec Code 2020-08-06 2020-08-11
9.0
None Remote Low ??? Complete Complete Complete
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.
1148 CVE-2020-7356 89 Exec Code Sql 2020-08-06 2020-08-12
10.0
None Remote Low Not required Complete Complete Complete
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.
1149 CVE-2020-7351 78 Exec Code 2020-05-01 2020-05-06
9.0
None Remote Low ??? Complete Complete Complete
An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected.
1150 CVE-2020-7247 252 Exec Code 2020-01-29 2021-04-06
10.0
None Remote Low Not required Complete Complete Complete
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.