Security Vulnerabilities - CVEs Published In March 2020
CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.02
Published
2020-03-25
Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-03-25
WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.021
Published
2020-03-25
Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.021
Published
2020-03-25
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.
CVSS Score
8.2
EPSS Score
0.003
Published
2020-03-25
Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-03-25
mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.021
Published
2020-03-25
Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors.
CVSS Score
9.1
EPSS Score
0.003
Published
2020-03-25
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-03-25
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.021
Published
2020-03-25