|
199651
|
6.1 |
MEDIUM
Network
|
secomea
|
gatemanager_firmware
|
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary JavaScript code. This issue affects: Secomea GateManager …
|
CWE-79
Cross-site Scripting
|
CVE-2020-29029
|
2024-11-21 14:23 |
2021-03-6 |
|
199652
|
6.1 |
MEDIUM
Network
|
secomea
|
gatemanager_firmware
|
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29028
|
2024-11-21 14:23 |
2021-03-6 |
|
199653
|
7.2 |
HIGH
Network
|
secomea
|
sitemanager_firmware
|
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea…
|
CWE-863
Incorrect Authorization
|
CVE-2020-29020
|
2024-11-21 14:23 |
2021-03-6 |
|
199654
|
7.2 |
HIGH
Network
|
secomea
|
gatemanager_8250_firmware
|
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateMana…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-29032
|
2024-11-21 14:23 |
2021-03-6 |
|
199655
|
8.6 |
HIGH
Network
|
totvs
|
fluig
|
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4
|
CWE-22
Path Traversal
|
CVE-2020-29134
|
2024-11-21 14:23 |
2021-03-6 |
|
199656
|
9.8 |
CRITICAL
Network
|
cgal fedoraproject debian
|
computational_geometry_algorithms_library fedora debian_linux
|
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->…
|
-
|
CVE-2020-28636
|
2024-11-21 14:23 |
2021-03-5 |
|
199657
|
9.8 |
CRITICAL
Network
|
thimpress
|
wp_hotel_booking
|
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in inclu…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-29047
|
2024-11-21 14:23 |
2021-03-4 |
|
199658
|
9.8 |
CRITICAL
Network
|
bittacora
|
bpanel
|
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
|
CWE-89
SQL Injection
|
CVE-2020-28657
|
2024-11-21 14:23 |
2021-03-3 |
|
199659
|
5.9 |
MEDIUM
Network
|
saltstack fedoraproject debian
|
salt fedora debian_linux
|
In SaltStack Salt before 3002.5, authentication to VMware vCenter, vSphere, and ESXi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-28972
|
2024-11-21 14:23 |
2021-02-27 |
|
199660
|
7.8 |
HIGH
Local
|
owncloud
|
owncloud_desktop_client
|
ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-28646
|
2024-11-21 14:23 |
2021-02-27 |