• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2020-14065

February 26, 2023 by

IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.

CVE-2020-14066

February 26, 2023 by

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.

CVE-2020-14067

February 26, 2023 by

The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.

CVE-2020-14008

February 26, 2023 by

Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.

CVE-2020-14022

February 26, 2023 by

Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts (“Import Contacts” functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the “Application Starter” module) within the application.

CVE-2020-13994

February 26, 2023 by

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 60
  • Go to page 61
  • Go to page 62
  • Go to page 63
  • Go to page 64
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE