Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2020
A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-12-18
A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.006
Published
2020-12-18
An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution.
CVSS Score
9.8
EPSS Score
0.033
Published
2020-12-18
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution.
CVSS Score
9.8
EPSS Score
0.252
Published
2020-12-18
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php
CVSS Score
5.4
EPSS Score
0.016
Published
2020-12-18
Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.027
Published
2020-12-18
WeiPHP 5.0 does not properly restrict access to pages, related to using POST.
CVSS Score
7.5
EPSS Score
0.015
Published
2020-12-18
SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
CVSS Score
9.8
EPSS Score
0.088
Published
2020-12-18
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to unsufficient user input validation and escaping, it is vulnerable to persistant cross-site scripting (XSS). In the web applications users can enter rich text in various places, e.g. for personal notes or in motions. These fields can be used to store arbitrary JavaScript Code that will be executed when other users read the respective text. An attacker could utilize this vulnerability be used to manipulate votes of other users, hijack the moderators session or simply disturb the meeting. The vulnerability was introduced with 6eae497abeab234418dfbd9d299e831eff86ed45 on 16.04.2020, which is first included in the 3.2 release. It has been patched in version 3.3 ( in commit f3809fc8a97ee305d721662a75f788f9e9d21938, merged in master on 20.11.2020).
CVSS Score
8.9
EPSS Score
0.011
Published
2020-12-18
ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.
CVSS Score
8.8
EPSS Score
0.015
Published
2020-12-18


Contact Us

Shodan ® - All rights reserved