|
199981
|
5.3 |
MEDIUM
Network
|
sagemcom
|
f\@st_3486_router_firmware
|
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-29138
|
2024-11-21 14:23 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199982
|
5.4 |
MEDIUM
Network
|
ericsson
|
bscs_ix_r18_billing_\&_rating_mx
bscs_ix_r18_billing_\&_rating_admx
|
In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also pos…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29144
|
2024-11-21 14:23 |
2020-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199983
|
6.1 |
MEDIUM
Network
|
cpanel
|
cpanel
|
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
|
CWE-79
Cross-site Scripting
|
CVE-2020-29137
|
2024-11-21 14:23 |
2020-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199984
|
6.5 |
MEDIUM
Network
|
cpanel
|
cpanel
|
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-29136
|
2024-11-21 14:23 |
2020-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199985
|
4.1 |
MEDIUM
Network
|
cpanel
|
cpanel
|
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
|
CWE-838
Inappropriate Encoding for Output Context
|
CVE-2020-29135
|
2024-11-21 14:23 |
2020-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199986
|
6.1 |
MEDIUM
Network
|
coremail_xt_project
|
coremail_xt
|
jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29133
|
2024-11-21 14:23 |
2020-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199987
|
5.4 |
MEDIUM
Network
|
ericsson
|
bscs_ix_r18_billing_\&_rating_mx
bscs_ix_r18_billing_\&_rating_admx
|
In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceD…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29145
|
2024-11-21 14:23 |
2020-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199988
|
4.3 |
MEDIUM
Network
|
libslirp_project
debian
fedoraproject
|
libslirp
debian_linux
fedora
|
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-29130
|
2024-11-21 14:23 |
2020-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199989
|
4.3 |
MEDIUM
Network
|
libslirp_project
fedoraproject
debian
|
libslirp
fedora
debian_linux
|
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-29129
|
2024-11-21 14:23 |
2020-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199990
|
7.5 |
HIGH
Network
|
bigbluebutton
|
bigbluebutton
|
An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an e…
|
CWE-200
Information Exposure
|
CVE-2020-29043
|
2024-11-21 14:23 |
2020-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
