| 198921 | 4.8 | MEDIUM | Network | opencart | opencart | OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each t… | CWE-79 Cross-site Scripting | CVE-2020-29470 | 2024-11-21 14:24 | 2020-12-30 |
| 198922 | 4.8 | MEDIUM | Network | nopcommerce | store | nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time a… | CWE-79 Cross-site Scripting | CVE-2020-29475 | 2024-11-21 14:24 | 2020-12-30 |
| 198923 | 9.8 | CRITICAL | Network | egavilanmedia | egm_address_book | EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution. | CWE-89 SQL Injection | CVE-2020-29474 | 2024-11-21 14:24 | 2020-12-25 |
| 198924 | 9.8 | CRITICAL | Network | egavilanmedia | under_construction_page_with_cpanel | EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrar… | CWE-89 SQL Injection | CVE-2020-29472 | 2024-11-21 14:24 | 2020-12-25 |
| 198925 | 9.8 | CRITICAL | Network | urve | urve | An issue was discovered in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command an… | CWE-78 OS Command | CVE-2020-29552 | 2024-11-21 14:24 | 2020-12-24 |
| 198926 | 9.1 | CRITICAL | Network | urve | urve | An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _… | CWE-306 Missing Authentication for Critical Function | CVE-2020-29551 | 2024-11-21 14:24 | 2020-12-24 |
| 198927 | 7.5 | HIGH | Network | urve | urve | An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuratio… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2020-29550 | 2024-11-21 14:24 | 2020-12-24 |
| 198928 | 9.8 | CRITICAL | Network | zyxel | usg20-vpn_firmware usg20w-vpn_firmware usg40_firmware usg40w_firmware usg60_firmware usg60w_firmware usg110_firmware usg210_firmware usg310_firmware usg1100_firmware usg… | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This accoun… | CWE-522 Insufficiently Protected Credentials | CVE-2020-29583 | 2024-11-21 14:24 | 2020-12-23 |
| 198929 | 7.5 | HIGH | Network | miniweb_http_server_project | miniweb_http_server | MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request. | CWE-120 Classic Buffer Overflow | CVE-2020-29596 | 2024-11-21 14:24 | 2020-12-22 |
| 198930 | 4.3 | MEDIUM | Network | atlassian | crucible | Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews.… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-29447 | 2024-11-21 14:24 | 2020-12-21 |