|
208321
|
6.1 |
MEDIUM
Network
|
wftpserver
|
wing_ftp_server
|
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript …
|
CWE-79
Cross-site Scripting
|
CVE-2020-27735
|
2024-11-21 14:21 |
2021-01-27 |
|
208322
|
9.8 |
CRITICAL
Network
|
ibm
|
infosphere_information_server
|
IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-27583
|
2024-11-21 14:21 |
2021-01-27 |
|
208323
|
7.5 |
HIGH
Network
|
company
|
cs-c2shw_firmware
|
Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27541
|
2024-11-21 14:21 |
2021-01-27 |
|
208324
|
9.8 |
CRITICAL
Network
|
company
|
cs-c2shw_firmware
|
Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-27540
|
2024-11-21 14:21 |
2021-01-27 |
|
208325
|
6.8 |
MEDIUM
Physical
|
company
|
cs-c2shw_firmware
|
Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code (including network settings). The static IP configuration from QR code is copied to t…
|
CWE-78
OS Command
|
CVE-2020-27542
|
2024-11-21 14:21 |
2021-01-27 |
|
208326
|
9.8 |
CRITICAL
Network
|
company
|
cs-c2shw_firmware
|
Heap overflow with full parsing of HTTP response in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27539
|
2024-11-21 14:21 |
2021-01-27 |
|
208327
|
6.5 |
MEDIUM
Adjacent
|
philips
|
viewforum coronary_tools dynamic_coronary_roadmap stentboost_live interventional_workspot
|
Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software construc…
|
CWE-78
OS Command
|
CVE-2020-27298
|
2024-11-21 14:21 |
2021-01-27 |
|
208328
|
7.8 |
HIGH
Local
|
deltaww
|
tpeditor
|
An untrusted pointer dereference has been identified in the way TPEditor (v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27288
|
2024-11-21 14:21 |
2021-01-27 |
|
208329
|
7.5 |
HIGH
Network
|
nec
|
esmpro_manager
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The sp…
|
CWE-22
Path Traversal
|
CVE-2020-27859
|
2024-11-21 14:21 |
2021-01-21 |
|
208330
|
5.4 |
MEDIUM
Network
|
rocketgenius
|
gravityforms
|
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27852
|
2024-11-21 14:21 |
2021-01-20 |