|
210521
|
9.8 |
CRITICAL
Network
|
the_school_manage_system_project
|
the_school_manage_system
|
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting ma…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10507
|
2024-11-21 13:55 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210522
|
7.5 |
HIGH
Network
|
the_school_manage_system_project
|
the_school_manage_system
|
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files.
|
CWE-22
Path Traversal
|
CVE-2020-10506
|
2024-11-21 13:55 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210523
|
9.8 |
CRITICAL
Network
|
the_school_manage_system_project
|
the_school_manage_system
|
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases sch…
|
CWE-89
SQL Injection
|
CVE-2020-10505
|
2024-11-21 13:55 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210524
|
7.8 |
HIGH
Local
|
mbconnectline
|
mymbconnect24
mbconnect24
|
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root accoun…
|
CWE-269
Improper Privilege Management
|
CVE-2020-10384
|
2024-11-21 13:55 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210525
|
9.8 |
CRITICAL
Network
|
mbconnectline
|
mymbconnect24
mbconnect24
|
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module.
|
NVD-CWE-noinfo
|
CVE-2020-10383
|
2024-11-21 13:55 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210526
|
8.8 |
HIGH
Network
|
mbconnectline
|
mymbconnect24
mbconnect24
|
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler.
|
NVD-CWE-noinfo
|
CVE-2020-10382
|
2024-11-21 13:55 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210527
|
5.3 |
MEDIUM
Network
|
mbconnectline
|
mymbconnect24
mbconnect24
|
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discove…
|
CWE-89
SQL Injection
|
CVE-2020-10381
|
2024-11-21 13:55 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210528
|
7.8 |
HIGH
Local
|
fujielectric
|
v-server
|
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10646
|
2024-11-21 13:55 |
2020-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210529
|
7.8 |
HIGH
Local
|
rockwellautomation
|
rslinx_classic
|
In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privile…
|
-
|
CVE-2020-10642
|
2024-11-21 13:55 |
2020-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210530
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess\/nms
|
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
|
CWE-22
Path Traversal
|
CVE-2020-10631
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
