# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2013-1359 | 287 | 2 | Bypass | 2020-02-11 | 2020-02-14 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. |
2 | CVE-2014-8347 | 287 | 1 | Bypass | 2020-02-11 | 2020-02-13 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges. |
3 | CVE-2014-5468 | 20 | 1 | Exec Code +Info File Inclusion | 2020-02-07 | 2020-02-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. |
4 | CVE-2014-5091 | 20 | 1 | Exec Code | 2020-02-07 | 2020-02-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. |
5 | CVE-2014-4968 | | 1 | Exec Code | 2020-02-12 | 2020-02-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. |
6 | CVE-2014-4170 | 269 | 1 | +Info | 2020-02-13 | 2020-02-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. |
7 | CVE-2014-4019 | 200 | 1 | +Info | 2020-02-20 | 2020-02-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. |
8 | CVE-2013-7051 | 287 | 1 | Bypass | 2020-02-04 | 2020-02-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters |
9 | CVE-2013-5945 | 89 | 1 | Exec Code Sql | 2020-02-11 | 2021-04-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. |
10 | CVE-2013-4211 | 94 | 1 | Exec Code | 2020-02-14 | 2020-02-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code |
11 | CVE-2013-3629 | | 1 | Exec Code | 2020-02-07 | 2020-02-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution |
12 | CVE-2013-3628 | 74 | 1 | Exec Code | 2020-02-07 | 2020-02-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability |
13 | CVE-2013-3591 | 434 | 1 | Exec Code | 2020-02-07 | 2020-02-11 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability |
14 | CVE-2013-3568 | 352 | 1 | CSRF | 2020-02-06 | 2020-02-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. |
15 | CVE-2013-2678 | 74 | 1 | Exec Code +Info | 2020-02-04 | 2020-02-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. |
16 | CVE-2013-2637 | 79 | 1 | Exec Code XSS | 2020-02-12 | 2020-02-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. |
17 | CVE-2013-2097 | | 1 | Exec Code | 2020-02-12 | 2020-02-24 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
ZPanel through 10.1.0 has Remote Command Execution |
18 | CVE-2013-2010 | 74 | 1 | Exec Code | 2020-02-12 | 2020-02-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability |
19 | CVE-2013-1360 | 287 | 1 | Bypass | 2020-02-11 | 2020-02-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. |
20 | CVE-2013-0803 | 434 | 1 | Exec Code | 2020-02-11 | 2020-02-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code. |
21 | CVE-2012-6614 | 862 | 1 | | 2020-02-19 | 2020-03-05 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. |
22 | CVE-2012-2629 | 352 | 1 | XSS CSRF | 2020-02-20 | 2020-02-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php. |
23 | CVE-2012-2593 | 79 | 1 | XSS | 2020-02-06 | 2020-02-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email. |
24 | CVE-2012-1124 | 89 | 1 | Exec Code Sql | 2020-02-11 | 2020-02-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. |
25 | CVE-2020-9466 | 74 | | | 2020-02-28 | 2021-07-21 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection. |
26 | CVE-2020-9465 | 89 | | Sql Bypass | 2020-02-28 | 2020-03-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie. |
27 | CVE-2020-9463 | 78 | | Exec Code | 2020-02-28 | 2020-03-03 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request. |
28 | CVE-2020-9459 | 79 | | XSS | 2020-02-28 | 2020-03-02 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allow remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings. |
29 | CVE-2020-9449 | 330 | | | 2020-02-28 | 2020-03-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin. |
30 | CVE-2020-9447 | 79 | | XSS | 2020-02-28 | 2021-12-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking. |
31 | CVE-2020-9442 | 281 | | +Priv | 2020-02-28 | 2020-03-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there. |
32 | CVE-2020-9434 | 295 | | | 2020-02-27 | 2020-02-28 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. |
33 | CVE-2020-9433 | 295 | | | 2020-02-27 | 2020-02-28 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. |
34 | CVE-2020-9432 | 295 | | | 2020-02-27 | 2020-02-28 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. |
35 | CVE-2020-9431 | 400 | | | 2020-02-27 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. |
36 | CVE-2020-9430 | 20 | | | 2020-02-27 | 2021-02-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. |
37 | CVE-2020-9429 | 476 | | | 2020-02-27 | 2021-12-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value. |
38 | CVE-2020-9428 | 74 | | | 2020-02-27 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. |
39 | CVE-2020-9407 | 200 | | +Info | 2020-02-26 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. |
40 | CVE-2020-9406 | 74 | | | 2020-02-26 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. |
41 | CVE-2020-9405 | 79 | | XSS | 2020-02-26 | 2020-02-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page. |
42 | CVE-2020-9399 | 863 | | Bypass | 2020-02-28 | 2021-07-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux. |
43 | CVE-2020-9398 | 89 | | Sql | 2020-02-25 | 2020-03-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. |
44 | CVE-2020-9394 | 352 | | CSRF | 2020-02-25 | 2020-02-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. |
45 | CVE-2020-9393 | 79 | | XSS | 2020-02-25 | 2020-02-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS. |
46 | CVE-2020-9391 | 787 | | Mem. Corr. | 2020-02-25 | 2022-04-18 | 2.1 | None | Local | Low | Not required | None | None | Partial |
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation. |
47 | CVE-2020-9385 | 476 | | | 2020-02-25 | 2020-02-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation. |
48 | CVE-2020-9383 | 125 | | | 2020-02-25 | 2021-01-04 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. |
49 | CVE-2020-9382 | 732 | | | 2020-02-24 | 2021-07-21 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function. |
50 | CVE-2020-9381 | 668 | | Exec Code | 2020-02-24 | 2020-02-26 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954. |