0
CVE-2020-37004 - Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage
Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting malicious search parameters to progr…
0
CVE-2020-37002 - Ajenti 2.1.36 - Remote Code Execution
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
0
CVE-2020-37001 - Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler (SEH) and uses …
0
CVE-2020-37000 - Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to achiev…
8.8
CVE-2020-36999 - elaniin CMS 1.0 - Authentication Bypass
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting unauthori…
0
CVE-2020-36997 - BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)
BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining …
0
CVE-2020-36995 - Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service
Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User' field with 350 bytes of repeated characters to trigger an application crash and prevent normal fun…
0
CVE-2020-36994 - QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service
QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality.
6.9
CVE-2026-1590 - itsourcecode School Management System index.php sql injection
A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/faculty/index.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be use…
6.9
CVE-2026-1589 - itsourcecode School Management System index.php sql injection
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and …