|
210951
|
7.5 |
HIGH
Network
|
zcfees_project
|
zcfees
|
An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a n…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2020-24837
|
2024-11-21 14:16 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210952
|
7.5 |
HIGH
Network
|
privateoctopus
|
picoquic
|
picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame funct…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-24944
|
2024-11-21 14:16 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210953
|
8.8 |
HIGH
Network
|
ucopia
|
ucopia_wireless_appliance
|
UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.
|
CWE-78
OS Command
|
CVE-2020-25036
|
2024-11-21 14:16 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210954
|
6.7 |
MEDIUM
Local
|
ucopia
|
express_wireless_appliance
|
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322.
|
NVD-CWE-noinfo
|
CVE-2020-25035
|
2024-11-21 14:16 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210955
|
8.2 |
HIGH
Local
|
ucopia
|
ucopia_wireless_appliance
|
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-25037
|
2024-11-21 14:16 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210956
|
6.1 |
MEDIUM
Network
|
cutesoft
|
cute_editor
|
Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a spec…
|
CWE-79
Cross-site Scripting
|
CVE-2020-24903
|
2024-11-21 14:16 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210957
|
6.1 |
MEDIUM
Network
|
quixplorer_project
|
quixplorer
|
Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially cra…
|
CWE-79
Cross-site Scripting
|
CVE-2020-24902
|
2024-11-21 14:16 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210958
|
6.1 |
MEDIUM
Network
|
krpano
|
krpano
|
The default installation of Krpano Panorama Viewer version <=1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugin[test].url.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24901
|
2024-11-21 14:16 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210959
|
6.1 |
MEDIUM
Network
|
krpano
|
krpano
|
The default installation of Krpano Panorama Viewer version <=1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24900
|
2024-11-21 14:16 |
2021-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210960
|
9.8 |
CRITICAL
Network
|
kyland
|
kps2204_6_port_managed_din-rail_programmable_serial_device_firmware
|
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and pa…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-25011
|
2024-11-21 14:16 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
