|
196801
|
9.8 |
CRITICAL
Network
|
simplejobscript
|
simplejobscript
|
An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). T…
|
CWE-89
SQL Injection
|
CVE-2020-7229
|
2024-11-21 14:36 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196802
|
7.5 |
HIGH
Network
|
parallels
|
parallels
|
Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file o…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-7213
|
2024-11-21 14:36 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196803
|
7.5 |
HIGH
Network
|
libslirp_project
qemu
|
libslirp
qemu
|
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
|
CWE-22
Path Traversal
|
CVE-2020-7211
|
2024-11-21 14:36 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196804
|
5.5 |
MEDIUM
Local
|
taskautomation
|
carbonftp
|
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.
|
CWE-798
CWE-327
Use of Hard-coded Credentials
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-6857
|
2024-11-21 14:36 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196805
|
8.8 |
HIGH
Network
|
qdpm
|
qdpm
|
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulner…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-7246
|
2024-11-21 14:36 |
2020-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196806
|
6.1 |
MEDIUM
Network
|
ibm
|
chatbot_with_ibm_watson
|
The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent.
|
CWE-79
Cross-site Scripting
|
CVE-2020-7239
|
2024-11-21 14:36 |
2020-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196807
|
4.8 |
MEDIUM
Network
|
smc
|
d3g0804_firmware
|
SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account).
|
CWE-79
Cross-site Scripting
|
CVE-2020-7249
|
2024-11-21 14:36 |
2020-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196808
|
7.2 |
HIGH
Network
|
comtechtel
|
stampede_fx-1010_firmware
|
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router…
|
CWE-78
OS Command
|
CVE-2020-7244
|
2024-11-21 14:36 |
2020-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196809
|
7.2 |
HIGH
Network
|
comtechtel
|
stampede_fx-1010_firmware
|
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL fiel…
|
CWE-78
OS Command
|
CVE-2020-7243
|
2024-11-21 14:36 |
2020-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196810
|
7.2 |
HIGH
Network
|
comtechtel
|
stampede_fx-1010_firmware
|
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters i…
|
CWE-78
OS Command
|
CVE-2020-7242
|
2024-11-21 14:36 |
2020-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
