|
198341
|
5.4 |
MEDIUM
Network
|
octech
|
oempro
|
Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9460
|
2024-11-21 14:40 |
2020-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198342
|
8.8 |
HIGH
Network
|
rubrik
|
cdm
|
An issue was discovered in Rubrik 5.0.3-2296. An OS command injection vulnerability allows an authenticated attacker to remotely execute arbitrary code on Rubrik-managed systems.
|
CWE-78
OS Command
|
CVE-2020-9478
|
2024-11-21 14:40 |
2020-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198343
|
4.9 |
MEDIUM
Network
|
dahuasecurity
|
sd6al_firmware
sd5a_firmware
sd1a_firmware
ptz1a_firmware
sd50_firmware
sd52c_firmware
ipc-hx5842h_firmware
ipc-hx7842h_firmware
ipc-hx2xxx_firmware
ipc-hxxx5x4x_firmware
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.
|
NVD-CWE-noinfo
|
CVE-2020-9500
|
2024-11-21 14:40 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
198344
|
7.2 |
HIGH
Network
|
dahuasecurity
|
sd6al_firmware
sd5a_firmware
sd1a_firmware
ptz1a_firmware
sd50_firmware
sd52c_firmware
ipc-hx5842h_firmware
ipc-hx7842h_firmware
ipc-hx2xxx_firmware
ipc-hxxx5x4x_firmware
Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-9499
|
2024-11-21 14:40 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
198345
|
6.5 |
MEDIUM
Network
|
fortinet
|
fortiadc_firmware
|
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
|
NVD-CWE-noinfo
|
CVE-2020-9286
|
2024-11-21 14:40 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198346
|
6.5 |
MEDIUM
Network
|
idxbroker
|
impress_for_idx_broker
|
An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and page…
|
CWE-862
Missing Authorization
|
CVE-2020-9514
|
2024-11-21 14:40 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198347
|
6.6 |
MEDIUM
Network
|
siedle
|
sg_150-0_firmware
|
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-9473
|
2024-11-21 14:40 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198348
|
7.5 |
HIGH
Network
|
cacagoo
|
tv-288zd-2mp_firmware
|
The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-9349
|
2024-11-21 14:40 |
2020-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198349
|
4.3 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-9468
|
2024-11-21 14:40 |
2020-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198350
|
5.4 |
MEDIUM
Network
|
piwigo
|
piwigo
|
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9467
|
2024-11-21 14:40 |
2020-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
