|
210401
|
7.2 |
HIGH
Network
|
chadhaajay
|
phpkb
|
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10386
|
2024-11-21 13:55 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210402
|
9.8 |
CRITICAL
Network
|
technicolor
|
tc7337net_firmware
|
Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-10376
|
2024-11-21 13:55 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210403
|
5.4 |
MEDIUM
Network
|
ramp
|
altimeter
|
Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10372
|
2024-11-21 13:55 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210404
|
9.0 |
CRITICAL
Network
|
samsung
micron
skhynix
|
lpddr4
ddr4
ddr4_sdram
|
Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass iss…
|
CWE-20
Improper Input Validation
|
CVE-2020-10255
|
2024-11-21 13:55 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210405
|
5.5 |
MEDIUM
Local
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-10251
|
2024-11-21 13:55 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210406
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because …
|
CWE-94
CWE-862
Code Injection
Missing Authorization
|
CVE-2020-10257
|
2024-11-21 13:55 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210407
|
9.8 |
CRITICAL
Network
|
meinbwa
|
direx-pro_firmware
|
BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3.
|
CWE-78
OS Command
|
CVE-2020-10250
|
2024-11-21 13:55 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210408
|
5.3 |
MEDIUM
Network
|
meinbwa
|
direx-pro_firmware
|
BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3.
|
NVD-CWE-noinfo
|
CVE-2020-10249
|
2024-11-21 13:55 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210409
|
7.5 |
HIGH
Network
|
meinbwa
|
direx-pro_firmware
|
BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2020-10248
|
2024-11-21 13:55 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210410
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10247
|
2024-11-21 13:55 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
