|
200521
|
9.8 |
CRITICAL
Network
|
salesagility
|
suitecrm
|
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
|
CWE-22
Path Traversal
|
CVE-2020-8803
|
2024-11-21 14:39 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200522
|
9.8 |
CRITICAL
Network
|
salesagility
|
suitecrm
|
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
|
CWE-89
SQL Injection
|
CVE-2020-8802
|
2024-11-21 14:39 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200523
|
7.2 |
HIGH
Network
|
salesagility
|
suitecrm
|
SuiteCRM through 7.11.11 allows PHAR Deserialization.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-8801
|
2024-11-21 14:39 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200524
|
8.8 |
HIGH
Network
|
salesagility
|
suitecrm
|
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
|
CWE-74
Injection
|
CVE-2020-8800
|
2024-11-21 14:39 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200525
|
9.8 |
CRITICAL
Network
|
askey
|
ap4000w_firmware
|
An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TC…
|
CWE-20
Improper Input Validation
|
CVE-2020-8614
|
2024-11-21 14:39 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200526
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-842_firmware
|
A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-8962
|
2024-11-21 14:39 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200527
|
9.8 |
CRITICAL
Network
|
openvpn
|
openvpn_access_server
|
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
|
CWE-287
Improper Authentication
|
CVE-2020-8953
|
2024-11-21 14:39 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200528
|
9.8 |
CRITICAL
Network
|
timetoolsltd
|
sr9850_firmware
sr9750_firmware
sc9705_firmware
sr9210_firmware
sc9205_firmware
sr7110_firmware
sc7105_firmware
t100_firmware
t300_firmware
t550_firmware
|
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-8964
|
2024-11-21 14:39 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200529
|
9.8 |
CRITICAL
Network
|
timetoolsltd
|
sr9850_firmware
sr9750_firmware
sc9705_firmware
sr9210_firmware
sc9205_firmware
sr7110_firmware
sc7105_firmware
t100_firmware
t300_firmware
t550_firmware
|
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers t…
|
CWE-78
OS Command
|
CVE-2020-8963
|
2024-11-21 14:39 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200530
|
9.8 |
CRITICAL
Network
|
weechat
fedoraproject
opensuse
debian
|
weechat
fedora
leap
backports_sle
debian_linux
|
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified othe…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-8955
|
2024-11-21 14:39 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
