5.1
CVE-2020-37145 - HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accoβ¦
5.1
CVE-2020-37144 - Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without thβ¦
4.6
CVE-2020-37143 - ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service
ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful β¦
8.4
CVE-2020-37142 - 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add' function to triggerβ¦
4.6
CVE-2020-37140 - Everest 5.50.2100 - 'Open File' Denial of Service
Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger β¦
4.6
CVE-2020-37139 - Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service
Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the application β¦
8.4
CVE-2020-37138 - 10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)
10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious text file with carefully constructed payload to trigger a stack-based buffer overflow and bypasβ¦
8.6
CVE-2020-37137 - PHP-Fusion 9.03.50 - 'panels.php' Eval Injection
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panel_content POST parameters to theβ¦
6.7
CVE-2020-37136 - ZOC Terminal v7.25.5 - 'Private key file' Denial of Service
ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create SSHβ¦
4.6
CVE-2020-37134 - UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service
UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash.