|
210191
|
8.8 |
HIGH
Network
|
invigo
|
automatic_device_management
|
The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the appli…
|
CWE-78
OS Command
|
CVE-2020-10583
|
2024-11-21 13:55 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210192
|
9.8 |
CRITICAL
Network
|
invigo
|
automatic_device_management
|
A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and m…
|
CWE-89
SQL Injection
|
CVE-2020-10582
|
2024-11-21 13:55 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210193
|
7.5 |
HIGH
Network
|
invigo
|
automatic_device_management
|
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data host…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-10581
|
2024-11-21 13:55 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210194
|
8.8 |
HIGH
Network
|
invigo
|
automatic_device_management
|
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the…
|
CWE-77
Command Injection
|
CVE-2020-10580
|
2024-11-21 13:55 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210195
|
7.5 |
HIGH
Network
|
invigo
|
automatic_device_management
|
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to…
|
CWE-22
Path Traversal
|
CVE-2020-10579
|
2024-11-21 13:55 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210196
|
8.8 |
HIGH
Network
|
github
|
github
|
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers use…
|
NVD-CWE-noinfo
|
CVE-2020-10519
|
2024-11-21 13:55 |
2021-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210197
|
5.9 |
MEDIUM
Network
|
owncloud
|
owncloud
|
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
|
CWE-287
Improper Authentication
|
CVE-2020-10254
|
2024-11-21 13:55 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210198
|
8.3 |
HIGH
Network
|
owncloud
|
owncloud
|
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (a…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-10252
|
2024-11-21 13:55 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210199
|
3.3 |
LOW
Local
|
redhat
|
keycloak
single_sign-on
jboss_fuse
openshift_application_runtimes
|
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift App…
|
-
|
CVE-2020-10734
|
2024-11-21 13:55 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210200
|
7.5 |
HIGH
Network
|
psyprax
|
psyprax
|
An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAA…
|
CWE-326
CWE-522
Inadequate Encryption Strength
Insufficiently Protected Credentials
|
CVE-2020-10554
|
2024-11-21 13:55 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
