|
201641
|
4.9 |
MEDIUM
Network
|
dahuasecurity
|
sd6al_firmware sd5a_firmware sd1a_firmware ptz1a_firmware sd50_firmware sd52c_firmware ipc-hx5842h_firmware ipc-hx7842h_firmware ipc-hx2xxx_firmware ipc-hxxx5x4x_firmware
|
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.
|
NVD-CWE-noinfo
|
CVE-2020-9500
|
2024-11-21 14:40 |
2020-04-9 |
|
201642
|
7.2 |
HIGH
Network
|
dahuasecurity
|
sd6al_firmware sd5a_firmware sd1a_firmware ptz1a_firmware sd50_firmware sd52c_firmware ipc-hx5842h_firmware ipc-hx7842h_firmware ipc-hx2xxx_firmware ipc-hxxx5x4x_firmware
|
Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-9499
|
2024-11-21 14:40 |
2020-04-9 |
|
201643
|
6.5 |
MEDIUM
Network
|
fortinet
|
fortiadc_firmware
|
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
|
NVD-CWE-noinfo
|
CVE-2020-9286
|
2024-11-21 14:40 |
2020-04-8 |
|
201644
|
6.5 |
MEDIUM
Network
|
idxbroker
|
impress_for_idx_broker
|
An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and page…
|
CWE-862
Missing Authorization
|
CVE-2020-9514
|
2024-11-21 14:40 |
2020-04-8 |
|
201645
|
6.6 |
MEDIUM
Network
|
siedle
|
sg_150-0_firmware
|
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-9473
|
2024-11-21 14:40 |
2020-04-7 |
|
201646
|
7.5 |
HIGH
Network
|
cacagoo
|
tv-288zd-2mp_firmware
|
The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-9349
|
2024-11-21 14:40 |
2020-04-3 |
|
201647
|
4.3 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-9468
|
2024-11-21 14:40 |
2020-03-27 |
|
201648
|
5.4 |
MEDIUM
Network
|
piwigo
|
piwigo
|
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9467
|
2024-11-21 14:40 |
2020-03-27 |
|
201649
|
8.8 |
HIGH
Network
|
microfocus
|
service_manager_automation
|
An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow f…
|
CWE-89
SQL Injection
|
CVE-2020-9521
|
2024-11-21 14:40 |
2020-03-27 |
|
201650
|
5.4 |
MEDIUM
Network
|
microfocus
|
vibe
|
A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe versions prior to 4.0.7. The vulnerability could allow a remote attacker to craft and store malicious content into Vi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9520
|
2024-11-21 14:40 |
2020-03-26 |