| 209381 | 9.8 | CRITICAL | Network | dlink | dir-823g_firmware | A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacter… | CWE-78 OS Command | CVE-2020-25367 | 2024-11-21 14:17 | 2021-11-04 |
| 209382 | 5.4 | MEDIUM | Network | mara_cms_project | mara_cms | A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | CWE-79 Cross-site Scripting | CVE-2020-25422 | 2024-11-21 14:17 | 2021-10-29 |
| 209383 | 9.1 | CRITICAL | Network | rconfig | rconfig | An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFi… | CWE-862 Missing Authorization | CVE-2020-25359 | 2024-11-21 14:17 | 2021-08-21 |
| 209384 | 6.5 | MEDIUM | Network | rconfig | rconfig | A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the dev… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2020-25353 | 2024-11-21 14:17 | 2021-08-21 |
| 209385 | 5.4 | MEDIUM | Network | rconfig | rconfig | A stored cross-site scripting (XSS) vulnerability in the /devices.php function in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javas… | CWE-79 Cross-site Scripting | CVE-2020-25352 | 2024-11-21 14:17 | 2021-08-21 |
| 209386 | 6.5 | MEDIUM | Network | rconfig | rconfig | An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request … | CWE-552 Files or Directories Accessible to External Parties | CVE-2020-25351 | 2024-11-21 14:17 | 2021-08-21 |
| 209387 | 3.8 | LOW | Physical | nuvoton | npct75x_firmware | An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECD… | CWE-203 Information Exposure Through Discrepancy | CVE-2020-25082 | 2024-11-21 14:17 | 2021-08-11 |
| 209388 | 7.2 | HIGH | Network | mimosa | b5_firmware b5c_firmware c5c_firmware | The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to… | CWE-78 OS Command | CVE-2020-25206 | 2024-11-21 14:17 | 2021-07-21 |
| 209389 | 6.1 | MEDIUM | Network | mimosa | b5_firmware b5c_firmware c5c_firmware | The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may se… | CWE-79 Cross-site Scripting | CVE-2020-25205 | 2024-11-21 14:17 | 2021-07-21 |
| 209390 | 7.8 | HIGH | Local | bookingcore | booking_core | The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the Excel formula is not being sanitized by the application. As a re… | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2020-25445 | 2024-11-21 14:17 | 2021-07-15 |