CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2021 (Gain Information)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
701 CVE-2020-25578 200 +Info 2021-03-26 2021-06-03
5.0
None Remote Low Not required Partial None None
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems.
702 CVE-2020-24285 +Info 2021-04-12 2021-09-09
5.0
None Remote Low Not required Partial None None
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.
703 CVE-2020-23995 200 +Info 2021-05-13 2021-05-21
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.
704 CVE-2020-23768 200 +Info 2021-05-21 2021-05-27
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including e-mail address and telephone numbers.
705 CVE-2020-23162 311 +Info 2021-01-26 2021-07-21
5.0
None Remote Low Not required Partial None None
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.
706 CVE-2020-23148 74 +Info 2021-08-09 2021-08-12
5.0
None Remote Low Not required Partial None None
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request.
707 CVE-2020-22176 200 +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.
708 CVE-2020-22175 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
709 CVE-2020-22174 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
710 CVE-2020-22173 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
711 CVE-2020-22172 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
712 CVE-2020-22171 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
713 CVE-2020-22170 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
714 CVE-2020-22169 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
715 CVE-2020-22168 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
716 CVE-2020-22166 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
717 CVE-2020-22165 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
718 CVE-2020-22164 89 Sql +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
719 CVE-2020-22015 120 DoS Exec Code Overflow +Info 2021-05-26 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.
720 CVE-2020-21994 522 Bypass +Info 2021-04-28 2021-05-19
7.5
None Remote Low Not required Partial Partial Partial
AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
721 CVE-2020-21088 79 XSS +Info 2021-04-14 2021-04-21
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in the "/index.php/contacts/create" page.
722 CVE-2020-20583 89 Sql +Info 2021-07-08 2021-07-12
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information.
723 CVE-2020-20474 89 Sql +Info 2021-06-21 2021-06-23
5.0
None Remote Low Not required Partial None None
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.
724 CVE-2020-20473 89 Sql +Info 2021-06-21 2021-06-23
5.0
None Remote Low Not required Partial None None
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.
725 CVE-2020-20472 306 +Info 2021-06-21 2021-06-23
5.0
None Remote Low Not required Partial None None
White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site.
726 CVE-2020-20470 200 +Info 2021-06-21 2021-06-23
5.0
None Remote Low Not required Partial None None
White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability.
727 CVE-2020-20469 89 Sql +Info 2021-06-21 2021-06-23
5.0
None Remote Low Not required Partial None None
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.
728 CVE-2020-20467 200 +Info 2021-06-21 2021-06-23
6.4
None Remote Low Not required Partial Partial None
White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php. Remote attackers can exploit the vulnerability to create a task.
729 CVE-2020-19419 287 +Info 2021-03-10 2021-03-18
5.0
None Remote Low Not required Partial None None
Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication.
730 CVE-2020-19363 200 +Info 2021-01-20 2021-01-22
4.3
None Remote Medium Not required Partial None None
Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.
731 CVE-2020-19360 200 +Info File Inclusion 2021-01-20 2021-07-21
5.0
None Remote Low Not required Partial None None
Local file inclusion in FHEM 6.0 via the file parameter of fhem/FileLog_logWrapper can allow an attacker to include a file, which can lead to sensitive information disclosure.
732 CVE-2020-19275 20 +Info 2021-05-12 2021-05-20
5.0
None Remote Low Not required Partial None None
An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path.
733 CVE-2020-19155 22 Exec Code Dir. Trav. +Info 2021-09-15 2021-09-23
6.5
None Remote Low ??? Partial Partial Partial
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.
734 CVE-2020-19154 863 +Info 2021-09-15 2021-09-23
4.0
None Remote Low ??? Partial None None
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.
735 CVE-2020-19150 863 DoS +Info 2021-09-15 2021-09-23
5.5
None Remote Low ??? Partial None Partial
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.
736 CVE-2020-19146 22 Dir. Trav. +Info 2021-09-15 2021-09-23
4.0
None Remote Low ??? Partial None None
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.
737 CVE-2020-19111 269 Bypass +Info 2021-05-06 2021-05-10
7.5
None Remote Low Not required Partial Partial Partial
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote malicious user bypass authentication and obtain sensitive information.
738 CVE-2020-18972 668 +Info 2021-08-25 2021-09-07
4.3
None Remote Medium Not required Partial None None
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.
739 CVE-2020-18878 22 Dir. Trav. +Info 2021-08-20 2021-08-24
5.0
None Remote Low Not required Partial None None
Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component 'index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php'.
740 CVE-2020-18877 89 Sql +Info 2021-08-20 2021-08-23
5.0
None Remote Low Not required Partial None None
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
741 CVE-2020-18701 863 +Priv +Info 2021-08-16 2021-08-23
7.5
None Remote Low Not required Partial Partial Partial
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.
742 CVE-2020-18694 352 +Priv +Info CSRF 2021-08-06 2021-08-13
6.8
None Remote Medium Not required Partial Partial Partial
Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile".
743 CVE-2020-18647 668 +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".
744 CVE-2020-18646 668 +Info 2021-06-22 2021-06-24
5.0
None Remote Low Not required Partial None None
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".
745 CVE-2020-18268 601 +Info 2021-06-07 2021-06-15
5.8
None Remote Medium Not required Partial Partial None
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php".
746 CVE-2020-18220 326 +Info 2021-05-20 2021-05-24
5.0
None Remote Low Not required Partial None None
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information, as it does not use a random salt or IV for its AES-CBC encryption, which makes users' encrypted passwords susceptible to dictionary attacks.
747 CVE-2020-18022 79 Exec Code XSS +Info 2021-04-28 2021-05-10
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component.
748 CVE-2020-18019 Sql +Info 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component.
749 CVE-2020-17508 200 +Info 2021-01-11 2021-07-21
5.0
None Remote Low Not required Partial None None
The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.
750 CVE-2020-16042 200 +Info 2021-01-08 2021-07-21
4.3
None Remote Medium Not required Partial None None
Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Total number of vulnerabilities: 767. Page 15 of 16.