Total
11766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7869 | 2 Mastersoft, Microsoft | 2 Zook, Windows | 2024-11-21 | 9.0 HIGH | 9.0 CRITICAL |
| An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tight file CMD" without authority. | |||||
| CVE-2020-7867 | 1 Helpu | 1 Helpuviewer | 2024-11-21 | 4.6 MEDIUM | 8.0 HIGH |
| An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator. | |||||
| CVE-2020-7866 | 1 Tobesoft | 1 Xplatform | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation | |||||
| CVE-2020-7865 | 1 Inoguard | 1 Execm Coreb2b | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| A vulnerability(improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via httpDownload function. A successful exploit could allow the attacker to hijack vulnerable system. | |||||
| CVE-2020-7863 | 1 Raonwiz | 1 Raon K Upload | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting the parameter to the command they want to execute. A successful exploit could allow the attacker to execute arbitrary commands on a target system as the user. However, the victim must run the Internet Explorer browser with administrator privileges because of the cross-domain policy. | |||||
| CVE-2020-7862 | 1 Helpu | 4 Helpuftclient, Helpuftserver, Helpuserver and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.0 HIGH |
| A vulnerability in agent program of HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands This vulnerability is due to insufficient input santization when communicating customer process. | |||||
| CVE-2020-7857 | 1 Tobesoft | 1 Xplatform | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of improper classes. This issue affects: Tobesoft XPlatform versions prior to 9.2.2.280. | |||||
| CVE-2020-7849 | 2 Microsoft, Uprism | 2 Windows, Curix | 2024-11-21 | 6.8 MEDIUM | 8.0 HIGH |
| A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL. | |||||
| CVE-2020-7848 | 1 Iptime | 2 C200, C200 Firmware | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value. | |||||
| CVE-2020-7842 | 1 Netu | 2 Wf2429tb, Wf2429tb Firmware | 2024-11-21 | 6.0 MEDIUM | 6.4 MEDIUM |
| Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D'live set-top box AP(WF2429TB) v1.1.10. | |||||
| CVE-2020-7841 | 1 Tobesoft | 1 Xplatform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto:// | |||||
| CVE-2020-7839 | 1 Markany | 1 Maepsbroker | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability caused by improper input validation checks when parsing brokerCommand parameter. | |||||
| CVE-2020-7838 | 2 Microsoft, Onstove | 2 Windows, Stove | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. An attacker could execute arbitrary code when the user access to crafted web page. This issue affects: Smilegate STOVE Client 0.0.4.72. | |||||
| CVE-2020-7832 | 2 Dext5, Microsoft | 2 Dext5, Windows | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832) | |||||
| CVE-2020-7830 | 1 Raonwiz | 1 Raon Kupload | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier. | |||||
| CVE-2020-7823 | 1 Hmtalk | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7822 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7821 | 2 Microsoft, Nexaweb | 3 Windows, Nexacro 14, Nexacro 17 | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
| Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC | |||||
| CVE-2020-7820 | 2 Microsoft, Nexaweb | 3 Windows, Nexacro 14, Nexacro 17 | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
| Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC | |||||
| CVE-2020-7818 | 1 Hmtalk | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||