|
213211
|
8.8 |
HIGH
Network
|
rconfig
|
rconfig
|
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
|
CWE-78
OS Command
|
CVE-2020-10221
|
2024-11-21 13:54 |
2020-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213212
|
9.8 |
CRITICAL
Network
|
rconfig
|
rconfig
|
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
|
CWE-89
SQL Injection
|
CVE-2020-10220
|
2024-11-21 13:54 |
2020-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213213
|
8.8 |
HIGH
Network
|
dlink
trendnet
|
dir-825_firmware
tew-632brp_firmware
|
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1…
|
CWE-78
OS Command
|
CVE-2020-10216
|
2024-11-21 13:54 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213214
|
8.8 |
HIGH
Network
|
dlink
trendnet
|
dir-825_firmware
tew-632brp_firmware
|
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-…
|
CWE-78
OS Command
|
CVE-2020-10215
|
2024-11-21 13:54 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213215
|
8.8 |
HIGH
Network
|
dlink
|
dir-825_firmware
|
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_s…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10214
|
2024-11-21 13:54 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213216
|
8.8 |
HIGH
Network
|
dlink
trendnet
|
dir-825_firmware
tew-632brp_firmware
|
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST reque…
|
CWE-78
OS Command
|
CVE-2020-10213
|
2024-11-21 13:54 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213217
|
9.8 |
CRITICAL
Network
|
tecrail
|
responsive_filemanager
|
upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an i…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-10212
|
2024-11-21 13:54 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213218
|
5.4 |
MEDIUM
Network
|
citrix
|
gateway_firmware
|
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Cit…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-10112
|
2024-11-21 13:54 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213219
|
7.5 |
HIGH
Network
|
citrix
|
gateway_firmware
|
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic f…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-10111
|
2024-11-21 13:54 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213220
|
5.3 |
MEDIUM
Network
|
citrix
|
gateway_firmware
|
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache head…
|
NVD-CWE-noinfo
|
CVE-2020-10110
|
2024-11-21 13:54 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
