CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In January 2020

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4891 89 Sql 2020-01-15 2020-01-21
7.5
None Remote Low Not required Partial Partial Partial
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
2 CVE-2006-7246 295 2020-01-27 2020-01-31
3.2
None Local Network High Not required Partial Partial None
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
3 CVE-2007-4773 415 2020-01-15 2020-01-23
7.5
None Remote Low Not required Partial Partial Partial
Systrace before 1.6.0 has insufficient escape policy enforcement.
4 CVE-2007-4774 362 Bypass 2020-01-15 2020-02-04
4.3
None Remote Medium Not required None Partial None
The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can wake up a PTRACED process.
5 CVE-2007-6758 918 2020-01-23 2021-01-28
5.0
None Remote Low Not required Partial None None
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0.
6 CVE-2008-7314 400 DoS 2020-01-23 2020-01-27
5.0
None Remote Low Not required None None Partial
mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname.
7 CVE-2009-1120 Exec Code 2020-01-15 2020-01-24
10.0
None Remote Low Not required Complete Complete Complete
EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker.
8 CVE-2009-3724 79 XSS 2020-01-15 2020-01-16
4.3
None Remote Medium Not required None Partial None
python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues.
9 CVE-2009-5025 640 2020-01-15 2020-01-23
5.0
None Remote Low Not required None Partial None
A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user.
10 CVE-2009-5068 312 +Priv 2020-01-15 2020-01-23
3.5
None Remote Medium ??? Partial None None
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.
11 CVE-2010-3048 476 DoS 2020-01-16 2020-01-24
5.0
None Remote Low Not required None None Partial
Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition.
12 CVE-2010-3282 312 +Info 2020-01-09 2020-01-29
1.9
None Local Medium Not required Partial None None
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.
13 CVE-2010-3782 863 2020-01-02 2020-01-14
6.5
None Remote Low ??? Partial Partial Partial
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation.
14 CVE-2011-2668 2020-01-21 2020-01-23
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header
15 CVE-2011-2669 295 2020-01-21 2020-01-23
4.3
None Remote Medium Not required None None Partial
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
16 CVE-2011-2670 79 XSS 2020-01-13 2020-01-14
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets
17 CVE-2011-2706 79 XSS 2020-01-14 2020-01-16
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71.
18 CVE-2011-2714 79 XSS 2020-01-14 2020-01-23
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
19 CVE-2011-2715 89 Sql 2020-01-14 2020-01-24
7.5
None Remote Low Not required Partial Partial Partial
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
20 CVE-2011-2933 434 2020-01-14 2020-01-21
6.5
None Remote Low ??? Partial Partial Partial
An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.
21 CVE-2011-2934 352 CSRF 2020-01-14 2020-01-17
6.8
None Remote Medium Not required Partial Partial Partial
A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.
22 CVE-2011-3183 79 XSS 2020-01-14 2021-07-15
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.
23 CVE-2011-3202 79 XSS 2020-01-14 2020-01-16
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.
24 CVE-2011-3203 20 Exec Code 2020-01-14 2020-01-17
7.5
None Remote Low Not required Partial Partial Partial
A Code Execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.
25 CVE-2011-3582 352 CSRF 2020-01-22 2020-01-27
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions.
26 CVE-2011-3595 79 XSS 2020-01-22 2020-01-24
3.5
None Remote Medium ??? None Partial None
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
27 CVE-2011-3610 79 XSS 2020-01-22 2020-06-23
4.3
None Remote Medium Not required None Partial None
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
28 CVE-2011-3611 20 File Inclusion 2020-01-22 2020-01-29
9.0
None Remote Low ??? Complete Complete Complete
A File Inclusion vulnerability exists in the act parameter to admin.php in UseBB before 1.0.12.
29 CVE-2011-3612 352 CSRF 2020-01-22 2020-01-24
6.8
None Remote Medium Not required Partial Partial Partial
Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.
30 CVE-2011-3613 200 +Info 2020-01-22 2020-01-28
5.0
None Remote Low Not required Partial None None
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
31 CVE-2011-3614 2020-01-22 2020-01-28
7.5
None Remote Low Not required Partial Partial Partial
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
32 CVE-2011-3621 2020-01-22 2020-01-30
7.5
None Remote Low Not required Partial Partial Partial
A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.
33 CVE-2011-3622 79 XSS 2020-01-22 2020-01-24
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.
34 CVE-2011-4088 200 +Info 2020-01-31 2020-02-05
5.0
None Remote Low Not required Partial None None
ABRT might allow attackers to obtain sensitive information from crash reports.
35 CVE-2011-4094 89 Sql 2020-01-21 2020-01-23
7.5
None Remote Low Not required Partial Partial Partial
Jara 1.6 has a SQL injection vulnerability.
36 CVE-2011-4095 79 XSS 2020-01-21 2020-01-23
4.3
None Remote Medium Not required None Partial None
Jara 1.6 has an XSS vulnerability
37 CVE-2011-4115 2020-01-31 2020-02-05
6.4
None Remote Low Not required None Partial Partial
Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.
38 CVE-2011-4116 59 2020-01-31 2020-02-05
5.0
None Remote Low Not required None Partial None
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
39 CVE-2011-4117 2020-01-31 2020-02-05
5.0
None Remote Low Not required None Partial None
The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files.
40 CVE-2011-4322 306 2020-01-21 2020-01-29
5.0
None Remote Low Not required Partial None None
WebsiteBaker 2.8.1 and earlier has an authentication error in the backup module.
41 CVE-2011-4336 79 XSS 2020-01-15 2020-01-21
4.3
None Remote Medium Not required None Partial None
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
42 CVE-2011-4558 74 Exec Code 2020-01-27 2020-01-30
6.0
None Remote Medium ??? Partial Partial Partial
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
43 CVE-2011-4595 79 XSS 2020-01-10 2020-01-13
4.3
None Remote Medium Not required None Partial None
Pretty-Link WordPress plugin 1.5.2 has XSS
44 CVE-2011-4907 434 2020-01-15 2020-01-22
5.0
None Remote Low Not required Partial None None
Joomla! 1.5x through 1.5.12: Missing JEXEC Check
45 CVE-2011-4943 Exec Code 2020-01-22 2020-01-24
7.5
None Remote Low Not required Partial Partial Partial
ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13)
46 CVE-2011-5018 79 XSS 2020-01-08 2020-01-14
4.3
None Remote Medium Not required None Partial None
Koala Framework before 2011-11-21 has XSS via the request_uri parameter.
47 CVE-2011-5020 89 Sql 2020-01-10 2020-01-14
7.5
None Remote Low Not required Partial Partial Partial
An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011.
48 CVE-2011-5247 312 2020-01-08 2020-01-21
5.0
None Remote Low Not required Partial None None
Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword.
49 CVE-2011-5250 352 CSRF 2020-01-08 2020-01-15
4.3
None Remote Medium Not required None Partial None
Snare for Linux before 1.7.0 has CSRF in the web interface.
50 CVE-2011-5266 89 Sql Bypass 2020-01-08 2020-01-15
7.5
None Remote Low Not required Partial Partial Partial
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
Total number of vulnerabilities: 1656 (page 1 of 34)