The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2020-20490 | A heap buffer-overflow in the client_example1.c component of libiec_iccp_mod v1.5 leads to a denial of service (DOS). | MEDIUM | Sep 1, 2021 |
CVE-2020-20486 | IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10x_Sta_Addr. | MEDIUM | Sep 1, 2021 |
CVE-2020-20474 | White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information. | MEDIUM | Jun 23, 2021 |
CVE-2020-20473 | White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information. | MEDIUM | Jun 23, 2021 |
CVE-2020-20472 | White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site. | MEDIUM | Jun 23, 2021 |
CVE-2020-20471 | White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges. | HIGH | Jun 23, 2021 |
CVE-2020-20470 | White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability. | MEDIUM | Jun 23, 2021 |
CVE-2020-20469 | White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information. | MEDIUM | Jun 23, 2021 |
CVE-2020-20468 | White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password. | MEDIUM | Jun 21, 2021 |
CVE-2020-20467 | White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task. | MEDIUM | Jun 21, 2021 |
CVE-2020-20466 | White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user. | HIGH | Jun 21, 2021 |
CVE-2020-20453 | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service. | MEDIUM | May 26, 2021 |
CVE-2020-20451 | Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c. | MEDIUM | May 28, 2021 |
CVE-2020-20450 | FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. | MEDIUM | May 27, 2021 |
CVE-2020-20448 | FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. | MEDIUM | May 27, 2021 |
CVE-2020-20446 | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. | MEDIUM | May 27, 2021 |
CVE-2020-20445 | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. | MEDIUM | May 26, 2021 |
CVE-2020-20444 | Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which could lead to RCE vulnerability. | MEDIUM | Jun 16, 2021 |
CVE-2020-20426 | S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. | MEDIUM | Dec 23, 2021 |
CVE-2020-20425 | S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. | MEDIUM | Dec 23, 2021 |
CVE-2020-20413 | SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. | -- | Jun 20, 2023 |
CVE-2020-20412 | lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146. | MEDIUM | Dec 26, 2020 |
CVE-2020-20406 | A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes. | LOW | Sep 18, 2020 |
CVE-2020-20402 | Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. | -- | Jan 31, 2023 |
CVE-2020-20392 | SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php. | HIGH | Jun 25, 2021 |
CVE-2020-20391 | Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. | LOW | Jun 25, 2021 |
CVE-2020-20389 | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. | LOW | Jun 25, 2021 |
CVE-2020-20363 | Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php. | LOW | Jul 8, 2021 |
CVE-2020-20349 | WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module. | LOW | Sep 2, 2021 |
CVE-2020-20348 | WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module. | LOW | Sep 2, 2021 |
CVE-2020-20347 | WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module. | LOW | Sep 2, 2021 |
CVE-2020-20345 | WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box. | LOW | Sep 2, 2021 |
CVE-2020-20344 | WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module. | LOW | Sep 2, 2021 |
CVE-2020-20343 | WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. | MEDIUM | Sep 2, 2021 |
CVE-2020-20341 | YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. | MEDIUM | Sep 2, 2021 |
CVE-2020-20340 | A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. | MEDIUM | Sep 2, 2021 |
CVE-2020-20335 | Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8520c5b04d261616098cebf742f5a23 allows a remote attacker to cause a denial of service via the editorUpdateRow function in kilo.c. | -- | Jun 20, 2023 |
CVE-2020-20300 | SQL injection vulnerability in the wp_where function in WeiPHP 5.0. | HIGH | Dec 18, 2020 |
CVE-2020-20299 | WeiPHP 5.0 does not properly restrict access to pages, related to using POST. | MEDIUM | Dec 18, 2020 |
CVE-2020-20298 | Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | HIGH | Dec 18, 2020 |
CVE-2020-20296 | An issue was found in CMSWing project version 1.3.8. Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | HIGH | Feb 2, 2021 |
CVE-2020-20295 | An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. | HIGH | Feb 2, 2021 |
CVE-2020-20294 | An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. | HIGH | Feb 2, 2021 |
CVE-2020-20290 | Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters triggers a directory traversal vulnerability. | MEDIUM | Feb 4, 2021 |
CVE-2020-20289 | SQL injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters triggers a SQL injection vulnerability. | HIGH | Feb 3, 2021 |
CVE-2020-20287 | Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters triggers remote code execution. | HIGH | Feb 4, 2021 |
CVE-2020-20285 | There is an XSS in the user login page in zzcms 2019. Users can inject JS code by the Referer header via user/login.php. | LOW | Dec 18, 2020 |
CVE-2020-20277 | There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution. | HIGH | Dec 18, 2020 |
CVE-2020-20276 | An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution. | HIGH | Dec 18, 2020 |
CVE-2020-20269 | A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22. | HIGH | Jan 30, 2021 |