|
201611
|
8.8 |
HIGH
Network
|
dlink
|
dir-615jx10_firmware
|
fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-9535
|
2024-11-21 14:40 |
2020-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201612
|
8.8 |
HIGH
Network
|
dlink
|
dir-615jx10_firmware
|
fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-9534
|
2024-11-21 14:40 |
2020-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201613
|
5.4 |
MEDIUM
Network
|
webnus
|
modern_events_calendar_lite
|
Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9459
|
2024-11-21 14:40 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201614
|
8.8 |
HIGH
Network
|
justblab
|
blab\!_ws_pro
blab\!_ax_pro
blab\!_ax
blab\!_ws
|
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to es…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-9449
|
2024-11-21 14:40 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201615
|
6.1 |
MEDIUM
Network
|
export_users_to_csv_project
|
export_users_to_csv
|
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-9466
|
2024-11-21 14:40 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201616
|
9.8 |
CRITICAL
Network
|
eyesofnetwork
|
eyesofnetwork
|
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such …
|
CWE-89
SQL Injection
|
CVE-2020-9465
|
2024-11-21 14:40 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201617
|
8.8 |
HIGH
Network
|
centreon
|
centreon
|
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_rem…
|
CWE-78
OS Command
|
CVE-2020-9463
|
2024-11-21 14:40 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201618
|
6.1 |
MEDIUM
Network
|
gwtupload_project
|
gwtupload
|
There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which wo…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9447
|
2024-11-21 14:40 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201619
|
7.8 |
HIGH
Local
|
openvpn
|
connect
|
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dl…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-9442
|
2024-11-21 14:40 |
2020-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201620
|
5.5 |
MEDIUM
Local
|
avast
|
antivirus_for_linux
antivirus_pro_plus
antivirus_pro
|
The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.
|
CWE-436
Interpretation Conflict
|
CVE-2020-9399
|
2024-11-21 14:40 |
2020-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
