7.2
CVE-2020-37078 - i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion
i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from tβ¦
6.9
CVE-2020-37077 - Booked Scheduler 2.7.7 - Authenticated Directory Traversal
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating directβ¦
8.8
CVE-2020-37076 - Victor CMS 1.0 - 'post' SQL Injection
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based, errβ¦
8.4
CVE-2020-37075 - LanSend 3.2 - Buffer Overflow (SEH)
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) overwrite and execute shellcode when importβ¦
8.4
CVE-2020-37074 - Remote Desktop Audit 2.3.0.157 - Buffer Overflow (SEH)
Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode whenβ¦
8.6
CVE-2020-37073 - Victor CMS 1.0 - Authenticated Arbitrary File Upload
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file witβ¦
5.1
CVE-2020-37072 - Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.
9.3
CVE-2020-37071 - CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download fβ¦
8.6
CVE-2020-37070 - CloudMe 1.11.2 - Buffer Overflow (SEH,DEP,ASLR)
CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially crafted payload to the CloudMe service running on port 8888, enabling remote code execution.
8.7
CVE-2020-37069 - Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service
Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code.