|
200591
|
7.5 |
HIGH
Network
|
homey
|
homey_firmware
homey_pro_firmware
|
An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that al…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-28952
|
2024-11-21 14:23 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200592
|
8.8 |
HIGH
Network
|
secomea
|
gatemanager_firmware
|
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4.
|
CWE-352
Origin Validation Error
|
CVE-2020-29030
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200593
|
6.1 |
MEDIUM
Network
|
secomea
|
gatemanager_firmware
|
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager …
|
CWE-79
Cross-site Scripting
|
CVE-2020-29029
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200594
|
6.1 |
MEDIUM
Network
|
secomea
|
gatemanager_firmware
|
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29028
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200595
|
7.2 |
HIGH
Network
|
secomea
|
sitemanager_firmware
|
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea…
|
CWE-863
Incorrect Authorization
|
CVE-2020-29020
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200596
|
7.2 |
HIGH
Network
|
secomea
|
gatemanager_8250_firmware
|
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateMana…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-29032
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200597
|
8.6 |
HIGH
Network
|
totvs
|
fluig
|
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4
|
CWE-22
Path Traversal
|
CVE-2020-29134
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200598
|
9.8 |
CRITICAL
Network
|
cgal
fedoraproject
debian
|
computational_geometry_algorithms_library
fedora
debian_linux
|
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->…
|
-
|
CVE-2020-28636
|
2024-11-21 14:23 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200599
|
9.8 |
CRITICAL
Network
|
thimpress
|
wp_hotel_booking
|
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in inclu…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-29047
|
2024-11-21 14:23 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200600
|
9.8 |
CRITICAL
Network
|
bittacora
|
bpanel
|
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
|
CWE-89
SQL Injection
|
CVE-2020-28657
|
2024-11-21 14:23 |
2021-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
