|
200551
|
8.8 |
HIGH
Network
|
nagios
|
nagios_core
|
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.
|
CWE-352
Origin Validation Error
|
CVE-2020-35269
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200552
|
6.1 |
MEDIUM
Network
|
egavilanmedia
|
user_registration_and_login_system_with_admin_panel
|
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35252
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200553
|
6.1 |
MEDIUM
Network
|
uncannyowl
|
uncanny_groups_for_learndash
|
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem PO…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35650
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200554
|
7.5 |
HIGH
Network
|
mersive
|
solstice_firmware
|
In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is dir…
|
NVD-CWE-noinfo
|
CVE-2020-35587
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200555
|
7.5 |
HIGH
Network
|
mersive
|
solstice_pod_firmware
|
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there i…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-35586
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200556
|
7.5 |
HIGH
Network
|
mersive
|
solstice_pod_firmware
|
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-35585
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200557
|
5.9 |
MEDIUM
Network
|
mersive
|
solstice_pod_firmware
|
In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's ne…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-35584
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200558
|
5.3 |
MEDIUM
Network
|
titanhq
|
spamtitan
|
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
|
CWE-552
CWE-312
Files or Directories Accessible to External Parties
Cleartext Storage of Sensitive Information
|
CVE-2020-35658
|
2024-11-21 14:27 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200559
|
7.2 |
HIGH
Network
|
jaws_project
|
jaws
|
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-35657
|
2024-11-21 14:27 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200560
|
7.2 |
HIGH
Network
|
jaws_project
|
jaws
|
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGad…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-35656
|
2024-11-21 14:27 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
