cve-2020-24135 vulnerabilities and exploits

(subscribe to this query)

4.3

CVSSv2

Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML....

Gowebsolutions Wp Customer Reviews

4.6

CVSSv2

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights....

Kaspersky Kaspersky Internet Security 2019 Kaspersky Secure Connection 3.0 Kaspersky Secure Connection 4.0 Kaspersky Security Cloud 2019 Kaspersky Security Cloud 2020 Kaspersky Total Security 2019 Kaspersky Total Security 20201 Github repository available

4

CVSSv2

A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded...

Microstrategy Microstrategy 10.4 Microstrategy Microstrategy 2019 Microstrategy Microstrategy 2020

5

CVSSv2

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x...

Php Php 5.5.0 Php Php 5.5.1 Php Php 5.5.2 Php Php 5.5.3 Php Php 5.5.4 Php Php 5.5.5 Php Php 5.5.6 Php Php 5.5.7 Php Php

5.8

CVSSv2

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a...

Trendmicro Antivirus 2019 Trendmicro Antivirus 2020

7.5

CVSSv2

Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter....

Webexcels Ecommerce Cms 2017 Webexcels Ecommerce Cms 2018 Webexcels Ecommerce Cms 2019 Webexcels Ecommerce Cms 2020

4.6

CVSSv2

Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access....

Intel Advisor Tools Intel Advisor Tools 2020

5

CVSSv2

Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700....

3com 3c15100d 5.0.2

6.8

CVSSv2

The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and...

E107 E107 0.7.11 Labgab Labgab 1.1 My123tkshop E-commerce-suite 0.9.1 Opendb Opendb 1.5.0b4 Php-nuke Php-nuke 8.1 Phpmybittorrent Phpmybittorrent 1.2.2 Phpnuke Php-nuke 7.0 Torrentflux Torrentflux 2.3 Webze Webze 0.5.9

9

CVSSv2

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The...

Solarwinds Network Performance Monitor 2020 Solarwinds Network Performance Monitor 2020.2

Get Started

« PREV 1 2 3 4 5 6 7 8 9 10 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook