CVE-2020-37032 - Wing FTP Server 6.3.8 - Remote Code Execution
CVE ID : CVE-2020-37032
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37032
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37033 - Infor Storefront B2B 1.0 - 'usr_name' SQL Injection
CVE ID : CVE-2020-37033
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potentially extract or modify database information.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37033
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potentially extract or modify database information.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37034 - HelloWeb 2.0 - Arbitrary File Download
CVE ID : CVE-2020-37034
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37034
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37035 - e-learning Php Script 0.1.0 - 'search' SQL Injection
CVE ID : CVE-2020-37035
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive database information.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37035
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive database information.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37036 - RM Downloader 2.50.60 2006.06.23 - 'Load' Local Buffer Overflow
CVE ID : CVE-2020-37036
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37036
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37038 - Code Blocks 20.03 - Denial Of Service
CVE ID : CVE-2020-37038
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37038
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37039 - Frigate 2.02 - Denial Of Service
CVE ID : CVE-2020-37039
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application's command line field to trigger an application crash.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37039
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application's command line field to trigger an application crash.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37040 - Code Blocks 17.12 - 'File Name' Local Buffer Overflow
CVE ID : CVE-2020-37040
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37040
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37041 - OpenCTI 3.3.1 - Directory Traversal
CVE ID : CVE-2020-37041
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37041
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37042 - Frigate Professional 3.36.0.9 - 'Find Computer' Local Buffer Overflow
CVE ID : CVE-2020-37042
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code execution and launching calculator as a proof of concept.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37042
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code execution and launching calculator as a proof of concept.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37043 - 10-Strike Bandwidth Monitor 3.9 - Buffer Overflow
CVE ID : CVE-2020-37043
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling remote code execution and launching arbitrary system commands.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37043
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling remote code execution and launching arbitrary system commands.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37044 - OpenCTI 3.3.1 - Cross Site Scripting
CVE ID : CVE-2020-37044
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"--> will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37044
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"--> will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37046 - Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery
CVE ID : CVE-2020-37046
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative accounts without the victim's consent.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37046
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative accounts without the victim's consent.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37049 - Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow
CVE ID : CVE-2020-37049
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted input sequence.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37049
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted input sequence.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37050 - Quick Player 1.3 - '.m3l' Buffer Overflow
CVE ID : CVE-2020-37050
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger the vulnerability by loading a specially crafted file through the application's file loading mechanism, potentially enabling remote code execution.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37050
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger the vulnerability by loading a specially crafted file through the application's file loading mechanism, potentially enabling remote code execution.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37051 - Online-Exam-System 2015 - 'feedback' SQL Injection
CVE ID : CVE-2020-37051
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37051
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37052 - AirControl 1.4.2 - PreAuth Remote Code Execution
CVE ID : CVE-2020-37052
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedded Java expressions to run commands with the application's system privileges.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37052
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedded Java expressions to run commands with the application's system privileges.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37053 - Navigate CMS 2.8.7 - ''sidx' SQL Injection
CVE ID : CVE-2020-37053
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37053
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37054 - Navigate CMS 2.8.7 - Cross-Site Request Forgery
CVE ID : CVE-2020-37054
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37054
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37056 - Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass
CVE ID : CVE-2020-37056
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and gain unauthorized access.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37056
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and gain unauthorized access.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37057 - Online-Exam-System 2015 - 'fid' SQL Injection
CVE ID : CVE-2020-37057
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37057
Published : Jan. 30, 2026, 11:16 p.m. | 3 hours, 12 minutes ago
Description : Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...