
Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2020-26820 434 Exec Code 2020-11-10 2021-04-06
9.0
None Remote Low ??? Complete Complete Complete
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file leading to Privilege Escalation and completely compromise the confidentiality, integrity and availability of the server operating system and any application running on it.
1002 CVE-2020-26712 89 Sql 2021-01-12 2021-07-01
10.0
None Remote Low Not required Complete Complete Complete
REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via the sort parameter. The application concatenates a user-submitted string into the database query without adequate validation, resulting in a SQL injection vulnerability that an attacker can exploit to compromise all databases.
1003 CVE-2020-26596 20 Exec Code 2020-10-07 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO widget or by restricting availability of the Editor role.
1004 CVE-2020-26582 77 Exec Code 2020-10-06 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18).
1005 CVE-2020-26574 79 Exec Code XSS 2020-10-06 2020-10-22
9.3
None Remote Medium Not required Complete Complete Complete
** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
1006 CVE-2020-26548 Exec Code 2020-11-17 2020-11-30
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system.
1007 CVE-2020-26507 1236 Exec Code 2020-11-05 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can inject a payload into the “Description” field under the “Insert To-Do” option. Other users might download this data, for example a CSV file, and execute the malicious commands on their computer by opening the file using a software such as Microsoft Excel. The attacker could gain remote access to the user’s PC.
1008 CVE-2020-26217 78 Exec Code 2020-11-16 2021-10-20
9.3
None Remote Medium Not required Complete Complete Complete
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
1009 CVE-2020-26201 521 2020-12-10 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.
1010 CVE-2020-26167 200 +Info 2020-11-04 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
1011 CVE-2020-26124 94 Exec Code 2020-10-02 2020-11-25
9.0
None Remote Low ??? Complete Complete Complete
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.
1012 CVE-2020-26118 78 Exec Code 2021-01-11 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server by an authenticated attacker to execute commands on the underlying system.
1013 CVE-2020-26097 522 2020-11-18 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
1014 CVE-2020-26085 78 +Priv 2021-01-07 2021-01-11
9.0
None Remote Low ??? Complete Complete Complete
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
1015 CVE-2020-26075 89 Sql 2020-11-18 2020-11-25
9.0
None Remote Low ??? Complete Complete Complete
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device.
1016 CVE-2020-25989 269 Exec Code 2020-11-19 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the affected system with root privileges.
1017 CVE-2020-25849 78 Exec Code 2020-11-01 2020-11-13
9.0
None Remote Low ??? Complete Complete Complete
MailGates and MailAudit products contain a Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token.
1018 CVE-2020-25848 522 2020-12-31 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
HGiga MailSherlock contains a weak authentication flaw that lets attackers gain privileges remotely through the default password generation mechanism.
1019 CVE-2020-25803 913 Exec Code 2020-10-06 2020-10-09
9.0
None Remote Low ??? Complete Complete Complete
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.
1020 CVE-2020-25802 913 Exec Code 2020-10-06 2020-10-09
9.0
None Remote Low ??? Complete Complete Complete
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.
1021 CVE-2020-25787 20 2020-09-19 2021-03-15
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
1022 CVE-2020-25759 20 Exec Code 2020-12-15 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.
1023 CVE-2020-25758 354 2020-12-15 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
1024 CVE-2020-25749 798 2020-09-25 2020-10-08
10.0
None Remote Low Not required Complete Complete Complete
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.
1025 CVE-2020-25747 287 2020-09-25 2021-07-21
9.0
None Remote Low Not required Partial Partial Complete
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.
1026 CVE-2020-25654 284 Bypass 2020-11-24 2021-03-04
9.0
None Remote Low ??? Complete Complete Complete
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
1027 CVE-2020-25618 78 2020-12-16 2020-12-21
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use of root privileges is not limited to specific programs listed in the sudoers file).
1028 CVE-2020-25617 22 Exec Code Dir. Trav. 2020-12-16 2020-12-18
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root.
1029 CVE-2020-25583 120 Overflow 2021-03-29 2021-06-03
10.0
None Remote Low Not required Complete Complete Complete
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer.
1030 CVE-2020-25577 120 Overflow 2021-03-29 2021-06-03
10.0
None Remote Low Not required Complete Complete Complete
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow.
1031 CVE-2020-25537 434 2020-11-30 2020-12-04
10.0
None Remote Low Not required Complete Complete Complete
A file upload vulnerability exists in UCMS 1.5.0; an attacker can take advantage of this vulnerability to obtain server management permission.
1032 CVE-2020-25499 77 Exec Code 2020-12-09 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.
1033 CVE-2020-25228 306 2020-12-14 2020-12-16
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port.
1034 CVE-2020-25226 122 Overflow 2021-01-12 2021-09-14
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.
1035 CVE-2020-25223 Exec Code 2020-09-25 2021-11-02
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11.
1036 CVE-2020-25218 287 Bypass 2021-03-29 2021-03-31
10.0
None Remote Low Not required Complete Complete Complete
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Authentication Bypass in its administrative web interface.
1037 CVE-2020-25217 77 2021-03-29 2021-03-31
9.0
None Remote Low ??? Complete Complete Complete
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
1038 CVE-2020-25214 2020-10-16 2020-10-28
9.3
None Remote Medium Not required Complete Complete Complete
In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint.
1039 CVE-2020-25207 Exec Code 2020-11-16 2020-11-21
10.0
None Remote Low Not required Complete Complete Complete
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
1040 CVE-2020-25206 78 Exec Code 2021-07-20 2021-07-30
9.0
None Remote Low ??? Complete Complete Complete
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions.
1041 CVE-2020-25187 787 Exec Code Overflow 2020-12-14 2020-12-15
10.0
None Remote Low Not required Complete Complete Complete
Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader, causing a heap overflow in the MCL Smart Reader stack. A heap overflow allows an attacker to remotely execute code on the MCL Smart Reader, which could lead to control of the device.
1042 CVE-2020-25106 434 2020-12-22 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename.
1043 CVE-2020-25094 74 2020-12-17 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem privileges.
1044 CVE-2020-25079 2020-09-02 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.
1045 CVE-2020-25036 78 2021-02-02 2021-02-04
9.0
None Remote Low ??? Complete Complete Complete
UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.
1046 CVE-2020-24986 434 Exec Code 2020-09-04 2021-11-01
9.0
None Remote Low ??? Complete Complete Complete
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
1047 CVE-2020-24949 269 Exec Code 2020-09-03 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
1048 CVE-2020-24916 78 2020-09-09 2020-10-17
10.0
None Remote Low Not required Complete Complete Complete
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
1049 CVE-2020-24786 287 Bypass 2020-08-31 2020-09-10
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise.
1050 CVE-2020-24719 78 Exec Code 2020-11-12 2020-11-30
10.0
None Remote Low Not required Complete Complete Complete
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0.