|
199581
|
6.1 |
MEDIUM
Network
|
janobe
|
online_voting_system
|
Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When …
|
CWE-79
Cross-site Scripting
|
CVE-2020-29239
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199582
|
5.4 |
MEDIUM
Network
|
thinkadmin
|
thinkadmin
|
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29315
|
2024-11-21 14:23 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199583
|
7.5 |
HIGH
Network
|
atx
|
minicmts200a_firmware
|
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated at…
|
CWE-22
Path Traversal
|
CVE-2020-28993
|
2024-11-21 14:23 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199584
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_os_5
|
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on…
|
CWE-287
Improper Authentication
|
CVE-2020-28971
|
2024-11-21 14:23 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199585
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_os_5
|
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on…
|
CWE-287
Improper Authentication
|
CVE-2020-28970
|
2024-11-21 14:23 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199586
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_os_5
|
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on…
|
CWE-287
Improper Authentication
|
CVE-2020-28940
|
2024-11-21 14:23 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199587
|
6.1 |
MEDIUM
Network
|
myeventon
|
eventon
|
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29395
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199588
|
7.8 |
HIGH
Local
|
genivi
debian
|
diagnostic_log_and_trace
debian_linux
|
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29394
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199589
|
4.6 |
MEDIUM
Physics
|
lock_password_manager_safe_app_project
|
lock_password_manager_safe_app
|
The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An attacker with physical access can unlock the password manager without knowing the master password set by t…
|
CWE-287
Improper Authentication
|
CVE-2020-29392
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199590
|
9.8 |
CRITICAL
Network
|
zeroshell
|
zeroshell
|
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shel…
|
CWE-78
OS Command
|
CVE-2020-29390
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
