|
210641
|
9.8 |
CRITICAL
Network
|
sumavision
|
enhanced_multimedia_router_firmware
|
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_us…
|
CWE-352
Origin Validation Error
|
CVE-2020-10181
|
2024-11-21 13:54 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210642
|
6.1 |
MEDIUM
Network
|
munkireport_project
|
munkireport
|
An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authen…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10192
|
2024-11-21 13:54 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210643
|
5.4 |
MEDIUM
Network
|
munkireport_project
|
munkireport
|
An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated …
|
CWE-79
Cross-site Scripting
|
CVE-2020-10191
|
2024-11-21 13:54 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210644
|
8.8 |
HIGH
Network
|
munkireport_project
|
munkireport
|
An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint.
|
CWE-89
SQL Injection
|
CVE-2020-10190
|
2024-11-21 13:54 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210645
|
8.1 |
HIGH
Network
|
gonitro
|
nitro_pro
|
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10223
|
2024-11-21 13:54 |
2020-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210646
|
8.1 |
HIGH
Network
|
gonitro
|
nitro_pro
|
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document.
|
NVD-CWE-noinfo
|
CVE-2020-10222
|
2024-11-21 13:54 |
2020-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210647
|
8.8 |
HIGH
Network
|
rconfig
|
rconfig
|
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
|
CWE-78
OS Command
|
CVE-2020-10221
|
2024-11-21 13:54 |
2020-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210648
|
9.8 |
CRITICAL
Network
|
rconfig
|
rconfig
|
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
|
CWE-89
SQL Injection
|
CVE-2020-10220
|
2024-11-21 13:54 |
2020-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210649
|
8.8 |
HIGH
Network
|
dlink
trendnet
|
dir-825_firmware
tew-632brp_firmware
|
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1…
|
CWE-78
OS Command
|
CVE-2020-10216
|
2024-11-21 13:54 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210650
|
8.8 |
HIGH
Network
|
dlink
trendnet
|
dir-825_firmware
tew-632brp_firmware
|
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-…
|
CWE-78
OS Command
|
CVE-2020-10215
|
2024-11-21 13:54 |
2020-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
