CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2020

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-0558 311 1 2020-01-14 2020-01-24
5.0
 None Remote Low Not required None Partial None
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key.
2 CVE-2014-8347 287 1 Bypass 2020-02-11 2020-02-13
4.6
 None Local Low Not required Partial Partial Partial
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.
3 CVE-2014-8322 787 1 Exec Code Overflow 2020-01-31 2020-02-05
7.5
 None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.
4 CVE-2014-5468 20 1 Exec Code +Info File Inclusion 2020-02-07 2020-02-11
6.8
 None Remote Medium Not required Partial Partial Partial
A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.
5 CVE-2014-5140 89 1 Sql 2020-01-03 2020-01-14
6.5
 None Remote Low ??? Partial Partial Partial
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book.
6 CVE-2014-5091 20 1 Exec Code 2020-02-07 2020-02-11
10.0
 None Remote Low Not required Complete Complete Complete
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
7 CVE-2014-4968 1 Exec Code 2020-02-12 2020-02-19
6.8
 None Remote Medium Not required Partial Partial Partial
The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636.
8 CVE-2014-4170 269 1 +Info 2020-02-13 2020-02-19
7.5
 None Remote Low Not required Partial Partial Partial
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.
9 CVE-2014-4019 200 1 +Info 2020-02-20 2020-02-28
5.0
 None Remote Low Not required Partial None None
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
10 CVE-2013-7185 119 1 Overflow Mem. Corr. 2020-01-14 2020-01-24
6.8
 None Remote Medium Not required Partial Partial Partial
PotPlayer 1.5.40688: .avi File Memory Corruption
11 CVE-2013-7051 287 1 Bypass 2020-02-04 2020-02-04
6.8
 None Remote Medium Not required Partial Partial Partial
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters
12 CVE-2013-6231 269 1 2020-01-10 2020-01-21
9.0
 None Remote Low ??? Complete Complete Complete
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script
13 CVE-2013-6225 22 1 Exec Code Dir. Trav. 2020-01-13 2020-01-17
7.5
 None Remote Low Not required Partial Partial Partial
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability
14 CVE-2013-5945 89 1 Exec Code Sql 2020-02-11 2021-04-23
10.0
 None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
15 CVE-2013-5656 787 1 Overflow 2020-01-07 2020-01-08
4.6
 None Local Low Not required Partial Partial Partial
FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability
16 CVE-2013-4865 352 1 CSRF 2020-01-28 2020-02-04
4.3
 None Remote Medium Not required None Partial None
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.
17 CVE-2013-4864 918 1 2020-01-28 2020-02-04
7.5
 None Remote Low Not required Partial Partial Partial
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.
18 CVE-2013-4863 287 1 Exec Code 2020-01-28 2020-02-04
9.0
 None Remote Low ??? Complete Complete Complete
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.
19 CVE-2013-4862 863 1 2020-01-28 2020-02-04
5.5
 None Remote Low ??? Partial Partial None
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
20 CVE-2013-4861 22 1 Dir. Trav. 2020-01-28 2020-02-04
4.0
 None Remote Low ??? Partial None None
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.
21 CVE-2013-4211 94 1 Exec Code 2020-02-14 2020-02-19
7.5
 None Remote Low Not required Partial Partial Partial
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code
22 CVE-2013-3629 1 Exec Code 2020-02-07 2020-02-10
6.5
 None Remote Low ??? Partial Partial Partial
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
23 CVE-2013-3628 74 1 Exec Code 2020-02-07 2020-02-10
6.5
 None Remote Low ??? Partial Partial Partial
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
24 CVE-2013-3591 434 1 Exec Code 2020-02-07 2020-02-11
6.5
 None Remote Low ??? Partial Partial Partial
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
25 CVE-2013-3568 352 1 CSRF 2020-02-06 2020-02-12
6.8
 None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
26 CVE-2013-3317 287 1 Bypass 2020-01-29 2020-02-01
10.0
 None Remote Low Not required Complete Complete Complete
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.
27 CVE-2013-3316 287 1 Bypass 2020-01-29 2020-02-01
10.0
 None Remote Low Not required Complete Complete Complete
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".
28 CVE-2013-3214 74 1 2020-01-28 2020-01-31
7.5
 None Remote Low Not required Partial Partial Partial
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
29 CVE-2013-3212 74 1 Exec Code 2020-01-28 2020-02-03
6.8
 None Remote Medium Not required Partial Partial Partial
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
30 CVE-2013-2748 434 1 2020-01-28 2020-02-05
7.5
 None Remote Low Not required Partial Partial Partial
Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system.
31 CVE-2013-2678 74 1 Exec Code +Info 2020-02-04 2020-02-07
6.8
 None Remote Medium Not required Partial Partial Partial
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.
32 CVE-2013-2637 79 1 Exec Code XSS 2020-02-12 2020-02-18
4.3
 None Remote Medium Not required None Partial None
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
33 CVE-2013-2574 863 1 +Info 2020-01-29 2020-02-04
5.0
 None Remote Low Not required Partial None None
An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.
34 CVE-2013-2572 798 1 Bypass 2020-01-29 2020-01-31
5.0
 None Remote Low Not required Partial None None
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.
35 CVE-2013-2571 20 1 Exec Code 2020-01-28 2020-02-06
7.5
 None Remote Low Not required Partial Partial Partial
Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.
36 CVE-2013-2567 798 1 Bypass +Info 2020-01-29 2020-02-01
5.0
 None Remote Low Not required Partial None None
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.
37 CVE-2013-2474 22 1 Dir. Trav. 2020-01-27 2020-01-29
5.0
 None Remote Low Not required Partial None None
Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter.
38 CVE-2013-2294 79 1 XSS 2020-01-30 2020-01-31
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in plates/summary.php.
39 CVE-2013-2097 1 Exec Code 2020-02-12 2020-02-24
9.3
 None Remote Medium Not required Complete Complete Complete
ZPanel through 10.1.0 has Remote Command Execution
40 CVE-2013-2010 74 1 Exec Code 2020-02-12 2020-02-14
7.5
 None Remote Low Not required Partial Partial Partial
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
41 CVE-2013-1599 78 1 Exec Code 2020-01-28 2021-04-27
10.0
 None Remote Low Not required Complete Complete Complete
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.
42 CVE-2013-1594 200 1 +Info 2020-01-24 2020-01-28
5.0
 None Remote Low Not required Partial None None
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.
43 CVE-2013-1592 120 1 Exec Code Overflow 2020-01-23 2020-01-31
10.0
 None Remote Low Not required Complete Complete Complete
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
44 CVE-2013-1360 287 1 Bypass 2020-02-11 2020-02-13
10.0
 None Remote Low Not required Complete Complete Complete
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
45 CVE-2013-1359 287 2 Bypass 2020-02-11 2020-02-14
10.0
 None Remote Low Not required Complete Complete Complete
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
46 CVE-2013-0803 434 1 Exec Code 2020-02-11 2020-02-14
7.5
 None Remote Low Not required Partial Partial Partial
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.
47 CVE-2012-6614 862 1 2020-02-19 2020-03-05
9.0
 None Remote Low ??? Complete Complete Complete
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
48 CVE-2012-6613 1 2020-01-25 2020-01-30
9.0
 None Remote Low ??? Complete Complete Complete
D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.
49 CVE-2012-5340 190 1 Overflow 2020-01-23 2020-01-28
6.8
 None Remote Medium Not required Partial Partial Partial
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.
50 CVE-2012-4284 1 Exec Code 2020-01-10 2020-01-22
10.0
 None Remote Low Not required Complete Complete Complete
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code
Total number of vulnerabilities : 57   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.