• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-74

CVE-2020-12855

February 26, 2023 by

A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status.

CVE-2020-12873

February 26, 2023 by

An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.

CVE-2020-12736

February 26, 2023 by

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection.

CVE-2020-12108

February 26, 2023 by

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

CVE-2020-11994

February 26, 2023 by

Server-Side Template Injection and arbitrary file disclosure on Camel templating components

CVE-2020-11814

February 26, 2023 by

A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 24
  • Go to page 25
  • Go to page 26
  • Go to page 27
  • Go to page 28
  • Interim pages omitted …
  • Go to page 94
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE