|
211681
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10681
|
2024-11-21 13:55 |
2020-03-20 |
|
211682
|
7.5 |
HIGH
Network
|
canon
|
oce_colorwave_500_firmware
|
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's we…
|
CWE-287
Improper Authentication
|
CVE-2020-10669
|
2024-11-21 13:55 |
2020-03-20 |
|
211683
|
8.8 |
HIGH
Network
|
canon
|
oce_colorwave_500_firmware
|
The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a log…
|
CWE-352
Origin Validation Error
|
CVE-2020-10671
|
2024-11-21 13:55 |
2020-03-20 |
|
211684
|
6.1 |
MEDIUM
Network
|
canon
|
oce_colorwave_500_firmware
|
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the l…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10670
|
2024-11-21 13:55 |
2020-03-20 |
|
211685
|
6.1 |
MEDIUM
Network
|
canon
|
oce_colorwave_500_firmware
|
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10668
|
2024-11-21 13:55 |
2020-03-20 |
|
211686
|
6.1 |
MEDIUM
Network
|
canon
|
oce_colorwave_500_firmware
|
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). N…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10667
|
2024-11-21 13:55 |
2020-03-20 |
|
211687
|
8.8 |
HIGH
Network
|
octopus
|
octopus_deploy
|
In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.
|
NVD-CWE-noinfo
|
CVE-2020-10678
|
2024-11-21 13:55 |
2020-03-20 |
|
211688
|
7.5 |
HIGH
Network
|
jsonparser_project fedoraproject
|
jsonparser fedora
|
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-10675
|
2024-11-21 13:55 |
2020-03-19 |
|
211689
|
7.8 |
HIGH
Local
|
denx opensuse
|
u-boot leap
|
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default con…
|
CWE-20
Improper Input Validation
|
CVE-2020-10648
|
2024-11-21 13:55 |
2020-03-19 |
|
211690
|
9.8 |
CRITICAL
Network
|
perlspeak_project
|
perlspeak
|
PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.
|
CWE-78
OS Command
|
CVE-2020-10674
|
2024-11-21 13:55 |
2020-03-19 |