|
209721
|
9.8 |
CRITICAL
Network
|
control-webpanel
|
webpanel
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891. Authentication is not required to exploit this vulnerability. The…
|
-
|
CVE-2020-15420
|
2024-11-21 14:05 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209722
|
7.8 |
HIGH
Local
|
riverbed
|
steelcentral_aternity_agent
|
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other proces…
|
NVD-CWE-noinfo
|
CVE-2020-15593
|
2024-11-21 14:05 |
2020-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209723
|
7.5 |
HIGH
Network
|
riverbed
|
steelcentral_aternity_agent
|
SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative t…
|
CWE-22
Path Traversal
|
CVE-2020-15592
|
2024-11-21 14:05 |
2020-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209724
|
8.8 |
HIGH
Adjacent
|
d-link
|
dir-867_firmware
dir-878_firmware
dir-882_firmware
|
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is n…
|
-
|
CVE-2020-15633
|
2024-11-21 14:05 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209725
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-842_firmware
|
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability…
|
-
|
CVE-2020-15632
|
2024-11-21 14:05 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209726
|
8.0 |
HIGH
Adjacent
|
dlink
|
dap-1860_firmware
|
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Although authentication is required to explo…
|
-
|
CVE-2020-15631
|
2024-11-21 14:05 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209727
|
9.8 |
CRITICAL
Network
|
inneo
|
startup_tools
|
An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe web application (served on TCP port 85) includes user input into a filesystem acc…
|
CWE-22
Path Traversal
|
CVE-2020-15492
|
2024-11-21 14:05 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209728
|
9.8 |
CRITICAL
Network
|
raspberrytorte
|
raspberrytortoise
|
The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the paramete…
|
CWE-78
OS Command
|
CVE-2020-15477
|
2024-11-21 14:05 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209729
|
9.8 |
CRITICAL
Network
|
devspace
|
devspace
|
The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. This leads to remote code execution.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15391
|
2024-11-21 14:05 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209730
|
6.1 |
MEDIUM
Network
|
jalios
|
jcms
|
jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. Note: It is asserted that this vulnerability is not present in the standard installation of …
|
CWE-79
Cross-site Scripting
|
CVE-2020-15497
|
2024-11-21 14:05 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
