Export limit exceeded: 45652 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45652 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29383 | 1 Vsolcn | 4 V1600d-mini, V1600d-mini Firmware, V1600d4l and 1 more | 2024-11-21 | 7.8 High |
| An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images. | ||||
| CVE-2020-29382 | 1 Vsolcn | 6 V1600d, V1600d Firmware, V1600g1 and 3 more | 2024-11-21 | 7.8 High |
| An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images. | ||||
| CVE-2020-29377 | 1 Vsolcn | 2 V1600d, V1600d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the the remote attacker. If it matches, access is provided. | ||||
| CVE-2020-29376 | 1 Vsolcn | 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@l#y$z%x6x7q8c9z) password for the admin account to authenticate to the TELNET service. | ||||
| CVE-2020-29375 | 1 Vsolcn | 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more | 2024-11-21 | 8.8 High |
| An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user. | ||||
| CVE-2020-29364 | 1 Netartmedia | 1 News Lister | 2024-11-21 | 4.8 Medium |
| In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles. | ||||
| CVE-2020-29323 | 1 Dlink | 2 Dir-885l-mfc, Dir-885l-mfc Firmware | 2024-11-21 | 7.5 High |
| The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | ||||
| CVE-2020-29322 | 1 Dlink | 2 Dir-880l, Dir-880l Firmware | 2024-11-21 | 7.5 High |
| The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | ||||
| CVE-2020-29321 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-11-21 | 7.5 High |
| The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. | ||||
| CVE-2020-29315 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | 5.4 Medium |
| ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML. | ||||
| CVE-2020-29304 | 1 Directoriespro | 1 Directories Pro | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through the file import workflow. | ||||
| CVE-2020-29303 | 1 Directoriespro | 1 Directories Pro | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with _drts_form_build_id parameter containing the XSS payload and _t_ parameter set to an invalid or non-existent CSRF token. | ||||
| CVE-2020-29259 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php. | ||||
| CVE-2020-29258 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php. | ||||
| CVE-2020-29257 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php. | ||||
| CVE-2020-29250 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 6.1 Medium |
| CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. | ||||
| CVE-2020-29249 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 6.1 Medium |
| CXUUCMS V3 allows class="layui-input" XSS. | ||||
| CVE-2020-29247 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 4.8 Medium |
| WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload. | ||||
| CVE-2020-29241 | 1 Online News Portal Project | 1 Online News Portal | 2024-11-21 | 4.8 Medium |
| Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the "Title" parameter. | ||||
| CVE-2020-29240 | 1 Lepton-cms | 1 Leptoncms | 2024-11-21 | 4.8 Medium |
| Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered. | ||||