|
199491
|
8.8 |
HIGH
Network
|
mediawiki
|
mediawiki
|
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
|
CWE-352
Origin Validation Error
|
CVE-2020-29004
|
2024-11-21 14:23 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199492
|
4.8 |
MEDIUM
Network
|
online_news_portal_project
|
online_news_portal
|
Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the "Title" parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29241
|
2024-11-21 14:23 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199493
|
7.2 |
HIGH
Network
|
merkuryinnovations
|
geeni_gnc-cw028_firmware
geeni_gnc-cw025_firmware
merkury_mi-cw024_firmware
merkury_mi-cw017_firmware
|
An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the REST…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-29001
|
2024-11-21 14:23 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199494
|
7.2 |
HIGH
Network
|
mygeeni
|
gnc-cw013_firmware
|
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged a…
|
NVD-CWE-noinfo
|
CVE-2020-29000
|
2024-11-21 14:23 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199495
|
7.2 |
HIGH
Network
|
mygeeni
|
gnc-cw013_firmware
|
An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-28999
|
2024-11-21 14:23 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199496
|
9.8 |
CRITICAL
Network
|
mygeeni
|
gnc-cw013_firmware
|
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-28998
|
2024-11-21 14:23 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199497
|
7.5 |
HIGH
Network
|
projectsend
|
projectsend
|
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).
|
CWE-287
CWE-404
Improper Authentication
Improper Resource Shutdown or Release
|
CVE-2020-28874
|
2024-11-21 14:23 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199498
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortiweb
|
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29019
|
2024-11-21 14:23 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199499
|
8.8 |
HIGH
Network
|
fortinet
|
fortiweb
|
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2020-29018
|
2024-11-21 14:23 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199500
|
8.8 |
HIGH
Network
|
fortinet
|
fortideceptor
|
An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vuln…
|
CWE-78
OS Command
|
CVE-2020-29017
|
2024-11-21 14:23 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
