|
199691
|
7.2 |
HIGH
Network
|
mygeeni
|
gnc-cw013_firmware
|
An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-28999
|
2024-11-21 14:23 |
2021-01-27 |
|
199692
|
9.8 |
CRITICAL
Network
|
mygeeni
|
gnc-cw013_firmware
|
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-28998
|
2024-11-21 14:23 |
2021-01-27 |
|
199693
|
7.5 |
HIGH
Network
|
projectsend
|
projectsend
|
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).
|
CWE-287, CWE-404
Improper Authentication; Improper Resource Shutdown or Release
|
CVE-2020-28874
|
2024-11-21 14:23 |
2021-01-27 |
|
199694
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortiweb
|
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29019
|
2024-11-21 14:23 |
2021-01-15 |
|
199695
|
8.8 |
HIGH
Network
|
fortinet
|
fortiweb
|
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-29018
|
2024-11-21 14:23 |
2021-01-15 |
|
199696
|
8.8 |
HIGH
Network
|
fortinet
|
fortideceptor
|
An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vuln…
|
CWE-78
OS Command Injection
|
CVE-2020-29017
|
2024-11-21 14:23 |
2021-01-15 |
|
199697
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortiweb
|
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentiall…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29016
|
2024-11-21 14:23 |
2021-01-15 |
|
199698
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortiweb
|
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by send…
|
CWE-89
SQL Injection
|
CVE-2020-29015
|
2024-11-21 14:23 |
2021-01-15 |
|
199699
|
6.1 |
MEDIUM
Network
|
stockdio
|
stockdio_historical_chart
|
The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ b…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28707
|
2024-11-21 14:23 |
2021-01-20 |
|
199700
|
7.2 |
HIGH
Network
|
monocms
|
monocms
|
MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/[foldername]/index.php cau…
|
NVD-CWE-noinfo
|
CVE-2020-28672
|
2024-11-21 14:23 |
2021-01-08 |