| 199721 | 5.9 | MEDIUM Network | terra-master | tos | TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a… | NVD-CWE-noinfo | CVE-2020-28190 | 2024-11-21 14:22 | 2020-12-25 |
| 199722 | 9.8 | CRITICAL Network | terra-master | tos | Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter. | CWE-78 OS Command | CVE-2020-28188 | 2024-11-21 14:22 | 2020-12-25 |
| 199723 | 9.8 | CRITICAL Network | terra-master | tos | Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to… | CWE-22 Path Traversal | CVE-2020-28187 | 2024-11-21 14:22 | 2020-12-25 |
| 199724 | 7.3 | HIGH Network | terra-master | tos | Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover. | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2020-28186 | 2024-11-21 14:22 | 2020-12-25 |
| 199725 | 5.3 | MEDIUM Network | terra-master | tos | User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. | NVD-CWE-noinfo | CVE-2020-28185 | 2024-11-21 14:22 | 2020-12-25 |
| 199726 | 5.4 | MEDIUM Network | terra-master | tos | Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php. | CWE-79 Cross-site Scripting | CVE-2020-28184 | 2024-11-21 14:22 | 2020-12-25 |
| 199727 | 7.0 | HIGH Local | td-agent-builder_project debian | td-agent-builder debian_linux | The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SY… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2020-28169 | 2024-11-21 14:22 | 2020-12-25 |
| 199728 | 9.8 | CRITICAL Network | online_health_care_system_project | online_health_care_system | SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin. | CWE-89 SQL Injection | CVE-2020-28074 | 2024-11-21 14:22 | 2020-12-24 |
| 199729 | 9.8 | CRITICAL Network | library_management_system_project | library_management_system | SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. | CWE-89 SQL Injection | CVE-2020-28073 | 2024-11-21 14:22 | 2020-12-24 |
| 199730 | 4.8 | MEDIUM Network | alumni_management_system_project | alumni_management_system | SourceCodester Alumni Management System 1.0 is affected by cross-site scripting (XSS) in /admin/gallery.php. After the admin authentication an attacker can upload an image in the gallery using an XSS … | CWE-79 Cross-site Scripting | CVE-2020-28071 | 2024-11-21 14:22 | 2020-12-24 |