Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-09-03 CVE-2020-24160 Untrusted Search Path vulnerability in Tencent TIM 3.0.0.21315
Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.
4.4
2020-09-03 CVE-2020-24159 Untrusted Search Path vulnerability in 163 Netease Youdao Dictionary 8.9.2.0
NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions.
local
163 CWE-426
4.4
2020-09-03 CVE-2020-24158 Untrusted Search Path vulnerability in 360 Speed Browser 12.0.1247.0
360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.
local
360 CWE-426
4.4
2020-09-03 CVE-2020-23814 Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.2.0
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) AppName and (2) AddressList parameters in the JobGroupController.java file.
network
xuxueli CWE-79
4.3
2020-09-03 CVE-2020-23811 Information Exposure vulnerability in Xuxueli Xxl-Job 2.2.0
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.
network
low complexity
xuxueli CWE-200
5.0
2020-09-03 CVE-2020-25105 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Eramba 2.19.3/2.8.1
eramba c2.8.1 and Enterprise before e2.19.3 have a weak password recovery token (createHash has only a million possibilities).
network
low complexity
eramba CWE-640
5.0
2020-09-03 CVE-2020-25104 Cross-site Scripting vulnerability in Eramba 2.19.3/2.8.1
eramba c2.8.1 and Enterprise before e2.19.3 allow XSS via a crafted filename for a file attached to an object.
network
eramba CWE-79
3.5
2020-09-03 CVE-2020-25068 Path Traversal vulnerability in Setelsa-Security Conacwin 3.7.1.2
Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability.
network
low complexity
setelsa-security CWE-22
5.0
2020-09-03 CVE-2020-25042 Unrestricted Upload of File with Dangerous Type vulnerability in Maracms 7.5
An arbitrary file upload issue exists in Mara CMS 7.5.
network
low complexity
maracms CWE-434
7.2
2020-09-03 CVE-2020-24948 Unrestricted Upload of File with Dangerous Type vulnerability in Autoptimize
The ao_ccss_import AJAX call in the Autoptimize WordPress plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high-privilege users to upload arbitrary files, such as PHP, leading to remote command execution.
network
low complexity
autoptimize CWE-434
6.5