|
198451
|
9.8 |
CRITICAL
Network
|
honeywell
|
maxpro_nvr_xe_firmware
maxpro_nvr_se_firmware
maxpro_nvr_pe_firmware
mpnvrswxx_firmware
hnmswvms_firmware
hnmswvmslt_firmware
|
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to…
|
CWE-89
SQL Injection
|
CVE-2020-6960
|
2024-11-21 14:36 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198452
|
9.8 |
CRITICAL
Network
|
honeywell
|
maxpro_nvr_xe_firmware
maxpro_nvr_se_firmware
maxpro_nvr_pe_firmware
mpnvrswxx_firmware
hnmswvms_firmware
hnmswvmslt_firmware
|
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-6959
|
2024-11-21 14:36 |
2020-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198453
|
8.1 |
HIGH
Network
|
storebackup
debian
opensuse
canonical
|
storebackup
debian_linux
leap
backports_sle
ubuntu_linux
|
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain f…
|
CWE-59
Link Following
|
CVE-2020-7040
|
2024-11-21 14:36 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198454
|
7.5 |
HIGH
Network
|
grin
|
grin
|
Grin through 2.1.1 has Insufficient Validation.
|
CWE-20
Improper Input Validation
|
CVE-2020-6638
|
2024-11-21 14:36 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198455
|
8.8 |
HIGH
Network
|
hutchhouse
|
marketo_forms_and_tracking
|
The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS.
|
CWE-352
Origin Validation Error
|
CVE-2020-6849
|
2024-11-21 14:36 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198456
|
9.8 |
CRITICAL
Network
|
simplejobscript
|
simplejobscript
|
An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). T…
|
CWE-89
SQL Injection
|
CVE-2020-7229
|
2024-11-21 14:36 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198457
|
7.5 |
HIGH
Network
|
parallels
|
parallels
|
Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file o…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-7213
|
2024-11-21 14:36 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198458
|
7.5 |
HIGH
Network
|
libslirp_project
qemu
|
libslirp
qemu
|
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
|
CWE-22
Path Traversal
|
CVE-2020-7211
|
2024-11-21 14:36 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198459
|
5.5 |
MEDIUM
Local
|
taskautomation
|
carbonftp
|
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.
|
CWE-798
CWE-327
Use of Hard-coded Credentials
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-6857
|
2024-11-21 14:36 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198460
|
8.8 |
HIGH
Network
|
qdpm
|
qdpm
|
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulner…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-7246
|
2024-11-21 14:36 |
2020-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
