Skip to main content
CVE-2020-8592 CRITICAL POC Act Now

eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Eg Manager
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8591 CRITICAL POC Act Now

eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eg Manager
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8547 CRITICAL POC Act Now

phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Phplist
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
5.9%
CVE-2020-8508 CRITICAL POC Act Now

nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Malware Cleaner
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-8597 CRITICAL PATCH Act Now

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Point To Point Protocol Pfc Firmware Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
19.6%
CVE-2020-8510 CRITICAL Act Now

An issue was discovered in phpABook 0.9 Intermediate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Phpabook
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-7471 CRITICAL PATCH Act Now

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python SQLi PostgreSQL Django
NVD GitHub
CVSS 3.1
9.8
EPSS
65.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy