|
196801
|
9.8 |
CRITICAL
Network
|
naver
|
cloud_explorer
|
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2020-9752
|
2024-11-21 14:41 |
2020-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196802
|
9.6 |
CRITICAL
Network
|
livezilla
|
livezilla
|
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the hel…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9758
|
2024-11-21 14:41 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196803
|
7.8 |
HIGH
Local
|
patriotmemory
|
viper_rgb_firmware
|
Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. The IOCTL Codes 0x80102050 and 0x80102054 allows a local user with low privileges to read/write 1/2/4 byte…
|
NVD-CWE-noinfo
|
CVE-2020-9756
|
2024-11-21 14:41 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196804
|
9.8 |
CRITICAL
Network
|
unctad
|
asycuda_world
|
An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distribut…
|
NVD-CWE-noinfo
|
CVE-2020-9761
|
2024-11-21 14:41 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196805
|
9.8 |
CRITICAL
Network
|
craftcms
|
craft_cms
|
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
|
CWE-74
Injection
|
CVE-2020-9757
|
2024-11-21 14:41 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196806
|
9.1 |
CRITICAL
Network
|
naver
|
cloud_explorer
|
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2020-9751
|
2024-11-21 14:41 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196807
|
5.4 |
MEDIUM
Network
|
arcadyan
|
vrv9506jac23_firmware
|
Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9419
|
2024-11-21 14:40 |
2022-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196808
|
6.5 |
MEDIUM
Network
|
arcadyan
|
vrv9506jac23_firmware
|
The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative cred…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-9420
|
2024-11-21 14:40 |
2022-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196809
|
6.8 |
MEDIUM
Physics
|
sonos
|
one_firmware
|
Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that host…
|
NVD-CWE-noinfo
|
CVE-2020-9285
|
2024-11-21 14:40 |
2022-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196810
|
7.5 |
HIGH
Network
|
huawei
|
magic_ui
emui
|
There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr.
|
NVD-CWE-Other
|
CVE-2020-9158
|
2024-11-21 14:40 |
2021-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
