|
197071
|
7.2 |
HIGH
Network
|
dlink
|
dsl-gs225_firmware
|
D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. The CL…
|
CWE-78
OS Command
|
CVE-2020-6765
|
2024-11-21 14:36 |
2020-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197072
|
5.4 |
MEDIUM
Network
|
fortinet
|
fortiadc_firmware
|
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6647
|
2024-11-21 14:36 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197073
|
9.8 |
CRITICAL
Network
|
honeywell
|
notifier_webserver
|
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware updat…
|
CWE-22
Path Traversal
|
CVE-2020-6974
|
2024-11-21 14:36 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197074
|
7.5 |
HIGH
Network
|
visam
|
vbase_web-remote
vbase_editor
|
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from lo…
|
CWE-22
Path Traversal
|
CVE-2020-7008
|
2024-11-21 14:36 |
2020-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197075
|
9.8 |
CRITICAL
Network
|
belden
|
hirschmann_hios
hirschmann_hisecos
|
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could explo…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-6994
|
2024-11-21 14:36 |
2020-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197076
|
8.8 |
HIGH
Local
|
visam
|
vbase_web-remote
vbase_editor
|
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system t…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-7004
|
2024-11-21 14:36 |
2020-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197077
|
7.5 |
HIGH
Network
|
visam
|
vbase_web-remote
vbase_editor
|
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and th…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-7000
|
2024-11-21 14:36 |
2020-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197078
|
9.8 |
CRITICAL
Network
|
cacagoo
|
tv-288zd-2mp_firmware
|
CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-6852
|
2024-11-21 14:36 |
2020-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197079
|
6.1 |
MEDIUM
Network
|
auth0
|
login_by_auth0
|
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6753
|
2024-11-21 14:36 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197080
|
6.7 |
MEDIUM
Local
|
mcafee
|
endpoint_security
|
Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-7263
|
2024-11-21 14:36 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
