|
209381
|
6.5 |
MEDIUM
Adjacent
|
tesla
|
model_3_firmware
|
Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue
|
NVD-CWE-noinfo
|
CVE-2020-15912
|
2024-11-21 14:06 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209382
|
8.8 |
HIGH
Network
|
softwareupdate_project
|
softwareupdate
|
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter o…
|
CWE-89
SQL Injection
|
CVE-2020-15887
|
2024-11-21 14:06 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209383
|
8.8 |
HIGH
Network
|
reportdata_project
|
reportdata
|
A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/…
|
CWE-89
SQL Injection
|
CVE-2020-15886
|
2024-11-21 14:06 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209384
|
5.4 |
MEDIUM
Network
|
munkireport_project
|
comment
|
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15885
|
2024-11-21 14:06 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209385
|
8.8 |
HIGH
Network
|
munkireport_project
|
munkireport
|
A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data.
|
CWE-89
SQL Injection
|
CVE-2020-15884
|
2024-11-21 14:06 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209386
|
6.1 |
MEDIUM
Network
|
managedinstalls_project
|
managedinstalls
|
A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (thr…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15883
|
2024-11-21 14:06 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209387
|
8.1 |
HIGH
Network
|
munkireport_project
|
munkireport
|
A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database.
|
CWE-352
Origin Validation Error
|
CVE-2020-15882
|
2024-11-21 14:06 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209388
|
6.1 |
MEDIUM
Network
|
munki_facts_project
|
munki_facts
|
A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15881
|
2024-11-21 14:06 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209389
|
8.8 |
HIGH
Network
|
embedthis
|
goahead
|
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via c…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-15688
|
2024-11-21 14:06 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209390
|
7.5 |
HIGH
Network
|
cauldrondevelopment
|
c\!
|
tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive.
|
CWE-22
Path Traversal
|
CVE-2020-15908
|
2024-11-21 14:06 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
