Skip to main content
CVE-2020-8592 CRITICAL POC Act Now

eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Eg Manager
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8591 CRITICAL POC Act Now

eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eg Manager
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8547 CRITICAL POC Act Now

phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Phplist
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
5.9%
CVE-2020-8508 CRITICAL POC Act Now

nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Malware Cleaner
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-8549 MEDIUM POC This Month

Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Strong Testimonials
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-8548 MEDIUM POC This Month

massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Masscode
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-8597 CRITICAL PATCH Act Now

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Point To Point Protocol Pfc Firmware Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
19.6%
CVE-2020-8510 CRITICAL Act Now

An issue was discovered in phpABook 0.9 Intermediate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Phpabook
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-7471 CRITICAL PATCH Act Now

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python SQLi PostgreSQL Django
NVD GitHub
CVSS 3.1
9.8
EPSS
65.3%
CVE-2020-3925 HIGH This Week

A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Servisign
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-8545 HIGH PATCH This Week

Global.py in AIL framework 2.8 allows path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Ail Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-3927 HIGH This Week

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Servisign
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-3926 HIGH This Week

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Servisign
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-5182 MEDIUM This Month

The J-BusinessDirectory extension before 5.2.9 for Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation J Businessdirectory
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-4224 MEDIUM PATCH This Month

IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Storediq
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-7993 MEDIUM This Month

Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Prototype
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy