CWE:
 

Topic
Date
Author
Low
WordPress 5.1.1 Slider Revolution 4.6.5 UpdateCaptionsCSS Remote Content Injection
21.03.2019
KingSkrupellos


CVEMAP Search Results

CVE
Details
Description
2020-06-30
Medium
CVE-2020-5601

Vendor: NTA
Software: E-tax recept...
 

 
Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors.

 
2020-06-29
Medium
CVE-2020-15362

Vendor: Thingssdk
Software: Wifiscanner
 

 
wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code.

 
2020-06-24
Medium
CVE-2020-14095

Updating...
 

 
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.

 
Medium
CVE-2020-14094

Updating...
 

 
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.

 
Medium
CVE-2020-10561

Updating...
 

 
An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Parameters can be injected into ippserver through the web management background, resulting in command execution vulnerabilities.

 
2020-06-23
Medium
CVE-2020-12782

Vendor: Openfind
Software: Mailaudit
 

 
Openfind MailGates contains a Command Injection flaw. When receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files.

 
2020-06-21
Low
CVE-2020-14954

Vendor: MUTT
Software: MUTT
 

 
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."

 
2020-06-19
Medium
CVE-2018-21258

Vendor: Mattermost
Software: Mattermost s...
 

 
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.

 
Medium
CVE-2020-9495

Vendor: Apache
Software: Archiva
 

 
Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.

 
Medium
CVE-2017-18900

Vendor: Mattermost
Software: Mattermost s...
 

 
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.

 

 


Copyright 2020, cxsecurity.com

 
