|
210161
|
5.3 |
MEDIUM
Network
|
maipu
|
mp1800x-50_firmware
|
The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware versio…
|
NVD-CWE-noinfo
|
CVE-2020-13896
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210162
|
5.9 |
MEDIUM
Network
|
openbsd
netapp
|
openssh
aff_a700s_firmware
steelstore_cloud_integrated_storage
ontap_select_deploy_administration_utility
active_iq_unified_manager
solidfire
hci_management_node
hci_storage_node…
|
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connect…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-14145
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210163
|
9.8 |
CRITICAL
Network
|
mk-auth
|
mk-auth
|
An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts.
|
CWE-78
OS Command
|
CVE-2020-14072
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210164
|
6.1 |
MEDIUM
Network
|
mk-auth
|
mk-auth
|
An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14071
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210165
|
9.8 |
CRITICAL
Network
|
mk-auth
|
mk-auth
|
An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access.
|
CWE-287
Improper Authentication
|
CVE-2020-14070
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210166
|
6.8 |
MEDIUM
Physics
|
mk-auth
|
mk-auth
|
An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.ph…
|
CWE-89
SQL Injection
|
CVE-2020-14069
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210167
|
9.8 |
CRITICAL
Network
|
mk-auth
|
mk-auth
|
An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executar_login.php.
|
CWE-89
SQL Injection
|
CVE-2020-14068
|
2024-11-21 14:02 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210168
|
7.5 |
HIGH
Network
|
mattermost
|
mattermost
|
An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022.
|
NVD-CWE-noinfo
|
CVE-2020-13891
|
2024-11-21 14:02 |
2020-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210169
|
9.8 |
CRITICAL
Network
|
mi
|
xiaomi_r3600_firmware
|
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14095
|
2024-11-21 14:02 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210170
|
9.8 |
CRITICAL
Network
|
mi
|
xiaomi_r3600_firmware
|
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14094
|
2024-11-21 14:02 |
2020-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
