|
199441
|
9.8 |
CRITICAL
Network
|
terra-master
|
terramaster_operating_system
|
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
|
CWE-78
OS Command
|
CVE-2020-35665
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199442
|
7.5 |
HIGH
Network
|
advanced_comment_system_project
|
advanced_comment_system
|
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623
|
CWE-22
Path Traversal
|
CVE-2020-35598
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199443
|
8.8 |
HIGH
Network
|
raysync
|
raysync
|
A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can…
|
CWE-22
Path Traversal
|
CVE-2020-35370
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199444
|
8.8 |
HIGH
Network
|
nagios
|
nagios_core
|
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.
|
CWE-352
Origin Validation Error
|
CVE-2020-35269
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199445
|
6.1 |
MEDIUM
Network
|
egavilanmedia
|
user_registration_and_login_system_with_admin_panel
|
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35252
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199446
|
6.1 |
MEDIUM
Network
|
uncannyowl
|
uncanny_groups_for_learndash
|
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem PO…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35650
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199447
|
7.5 |
HIGH
Network
|
mersive
|
solstice_firmware
|
In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is dir…
|
NVD-CWE-noinfo
|
CVE-2020-35587
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199448
|
7.5 |
HIGH
Network
|
mersive
|
solstice_pod_firmware
|
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there i…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-35586
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199449
|
7.5 |
HIGH
Network
|
mersive
|
solstice_pod_firmware
|
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-35585
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199450
|
5.9 |
MEDIUM
Network
|
mersive
|
solstice_pod_firmware
|
In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's ne…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-35584
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
