Search

Search Results (362962 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-25271 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.4 Medium
PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.
CVE-2020-25270 1 Phpgurukul 1 Hostel Management System 2024-11-21 5.4 Medium
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
CVE-2020-25269 2 Debian, Inspircd 2 Debian Linux, Inspircd 2024-11-21 6.5 Medium
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.
CVE-2020-25268 1 Ilias 1 Ilias 2024-11-21 8.8 High
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.
CVE-2020-25267 1 Ilias 1 Ilias 2024-11-21 5.4 Medium
An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.
CVE-2020-25266 1 Appimage 1 Appimaged 2024-11-21 5.5 Medium
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it.
CVE-2020-25265 1 Appimage 1 Libappimage 2024-11-21 6.5 Medium
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components.
CVE-2020-25263 1 Pyrocms 1 Pyrocms 2024-11-21 7.1 High
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.
CVE-2020-25262 1 Pyrocms 1 Pyrocms 2024-11-21 4.3 Medium
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.
CVE-2020-25260 1 Hyland 1 Onbase 2024-11-21 9.8 Critical
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization.
CVE-2020-25259 1 Hyland 1 Onbase 2024-11-21 9.8 Critical
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner.
CVE-2020-25258 1 Hyland 1 Onbase 2024-11-21 9.8 Critical
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages.
CVE-2020-25257 1 Hyland 1 Onbase 2024-11-21 9.8 Critical
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files.
CVE-2020-25256 1 Hyland 1 Onbase 2024-11-21 9.1 Critical
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations.
CVE-2020-25255 1 Hyland 1 Onbase 2024-11-21 7.5 High
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry.
CVE-2020-25254 1 Hyland 1 Onbase 2024-11-21 9.8 Critical
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer.
CVE-2020-25253 1 Hyland 1 Onbase 2024-11-21 9.8 Critical
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter.
CVE-2020-25252 1 Hyland 1 Onbase 2024-11-21 8.8 High
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account).
CVE-2020-25251 1 Hyland 1 Onbase 2024-11-21 9.1 Critical
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information.
CVE-2020-25250 1 Hyland 1 Onbase 2024-11-21 7.5 High
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs.