Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-01 | CVE-2019-15709 | Improper Input Validation vulnerability in Fortinet Fortiap-S, Fortiap-U and Fortiap-W2: An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. | 8.5 |
2020-06-01 | CVE-2014-8945 | OS Command Injection vulnerability in Piwigo Lexiglot 20141110: admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | 7.5 |
2020-06-01 | CVE-2014-8941 | SQL Injection vulnerability in Piwigo Lexiglot 20141110: Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI. | 7.5 |
2020-06-01 | CVE-2014-7175 | Out-of-bounds Write vulnerability in Farsite Farlinx X25 Gateway Firmware: FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php. | 7.5 |
2020-06-01 | CVE-2014-7173 | OS Command Injection vulnerability in Farsite Farlinx X25 Gateway Firmware: FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. | 7.5 |
2020-06-01 | CVE-2020-12062 | Improper Input Validation vulnerability in Openbsd Openssh 8.2: The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. | 7.5 |
2020-06-01 | CVE-2020-8967 | SQL Injection vulnerability in Gesio ERP: There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. | 7.5 |
2020-05-29 | CVE-2020-12675 | Unrestricted Upload of File with Dangerous Type vulnerability in Mappresspro Mappress: The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. | 8.8 |
2020-05-29 | CVE-2020-13693 | Unspecified vulnerability in Bbpress: An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. | 7.5 |
2020-05-28 | CVE-2020-11079 | Command Injection vulnerability in Node-Dns-Sync Project Node-Dns-Sync 0.1.3: node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands. | 7.5 |