The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.19%
Published
2020-02-28
Updated
2021-07-21

CVE-2020-9465

Public exploit
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.16%
Published
2020-02-28
Updated
2021-02-23
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
Source: MITRE
Max CVSS
9.0
EPSS Score
70.94%
Published
2020-02-28
Updated
2020-03-03
Multiple stored cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allow remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings.
Source: MITRE
Max CVSS
5.4
EPSS Score
0.09%
Published
2020-02-28
Updated
2020-03-02
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.10%
Published
2020-02-28
Updated
2020-03-04
There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.13%
Published
2020-02-28
Updated
2021-12-21
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-02-28
Updated
2020-03-03
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Source: MITRE
Max CVSS
9.1
EPSS Score
0.11%
Published
2020-02-27
Updated
2020-02-28
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Source: MITRE
Max CVSS
9.1
EPSS Score
0.11%
Published
2020-02-27
Updated
2020-02-28
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Source: MITRE
Max CVSS
9.1
EPSS Score
0.11%
Published
2020-02-27
Updated
2020-02-28
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.47%
Published
2020-02-27
Updated
2021-07-21
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.71%
Published
2020-02-27
Updated
2021-02-09
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.36%
Published
2020-02-27
Updated
2021-12-30
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.28%
Published
2020-02-27
Updated
2021-07-21
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.09%
Published
2020-02-26
Updated
2023-09-28
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
Source: MITRE
Max CVSS
9.8
EPSS Score
2.20%
Published
2020-02-26
Updated
2023-09-28
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-02-26
Updated
2023-09-28
The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.06%
Published
2020-02-28
Updated
2021-07-21
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.14%
Published
2020-02-25
Updated
2020-03-03
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.07%
Published
2020-02-25
Updated
2020-02-26
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS.
Source: MITRE
Max CVSS
7.2
EPSS Score
0.08%
Published
2020-02-25
Updated
2020-02-26
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.06%
Published
2020-02-25
Updated
2022-04-18
A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.10%
Published
2020-02-25
Updated
2020-02-26
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
Source: MITRE
Max CVSS
7.1
EPSS Score
0.05%
Published
2020-02-25
Updated
2022-10-29
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.05%
Published
2020-02-24
Updated
2021-07-21
1394 vulnerabilities found