|
200561
|
7.5 |
HIGH
Network
|
silverstripe
|
silverstripe
|
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed uploa…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-9280
|
2024-11-21 14:40 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200562
|
8.8 |
HIGH
Network
|
subex
|
roc_partner_settlement
|
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipula…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-9384
|
2024-11-21 14:40 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200563
|
5.4 |
MEDIUM
Network
|
octech
|
oempro
|
Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9461
|
2024-11-21 14:40 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200564
|
5.4 |
MEDIUM
Network
|
octech
|
oempro
|
Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9460
|
2024-11-21 14:40 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200565
|
8.8 |
HIGH
Network
|
rubrik
|
cdm
|
An issue was discovered in Rubrik 5.0.3-2296. An OS command injection vulnerability allows an authenticated attacker to remotely execute arbitrary code on Rubrik-managed systems.
|
CWE-78
OS Command
|
CVE-2020-9478
|
2024-11-21 14:40 |
2020-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200566
|
4.9 |
MEDIUM
Network
|
dahuasecurity
|
sd6al_firmware
sd5a_firmware
sd1a_firmware
ptz1a_firmware
sd50_firmware
sd52c_firmware
ipc-hx5842h_firmware
ipc-hx7842h_firmware
ipc-hx2xxx_firmware
ipc-hxxx5x4x_firmware
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.
|
NVD-CWE-noinfo
|
CVE-2020-9500
|
2024-11-21 14:40 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
200567
|
7.2 |
HIGH
Network
|
dahuasecurity
|
sd6al_firmware
sd5a_firmware
sd1a_firmware
ptz1a_firmware
sd50_firmware
sd52c_firmware
ipc-hx5842h_firmware
ipc-hx7842h_firmware
ipc-hx2xxx_firmware
ipc-hxxx5x4x_firmware
Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-9499
|
2024-11-21 14:40 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
200568
|
6.5 |
MEDIUM
Network
|
fortinet
|
fortiadc_firmware
|
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
|
NVD-CWE-noinfo
|
CVE-2020-9286
|
2024-11-21 14:40 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200569
|
6.5 |
MEDIUM
Network
|
idxbroker
|
impress_for_idx_broker
|
An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and page…
|
CWE-862
Missing Authorization
|
CVE-2020-9514
|
2024-11-21 14:40 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200570
|
6.6 |
MEDIUM
Network
|
siedle
|
sg_150-0_firmware
|
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-9473
|
2024-11-21 14:40 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
