|
197261
|
8.8 |
HIGH
Network
|
adobe
|
framemaker
|
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-3720
|
2024-11-21 14:31 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197262
|
7.5 |
HIGH
Network
|
secom
|
dr.id_access_control
dr.id_attendance_system
|
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-3935
|
2024-11-21 14:31 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197263
|
9.8 |
CRITICAL
Network
|
secom
|
dr.id_attendance_system
dr.id_access_control
|
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.
|
CWE-89
SQL Injection
|
CVE-2020-3934
|
2024-11-21 14:31 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197264
|
5.3 |
MEDIUM
Network
|
secom
|
dr.id_attendance_system
dr.id_access_control
|
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system.
|
NVD-CWE-noinfo
|
CVE-2020-3933
|
2024-11-21 14:31 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197265
|
7.5 |
HIGH
Network
|
sysjust
|
syuan-gu-da-shin
|
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-3938
|
2024-11-21 14:31 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197266
|
7.5 |
HIGH
Network
|
sysjust
|
syuan-gu-da-shin
|
SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database.
|
CWE-89
SQL Injection
|
CVE-2020-3937
|
2024-11-21 14:31 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197267
|
7.5 |
HIGH
Network
|
changingtec
|
servisign
|
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API …
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-3927
|
2024-11-21 14:31 |
2020-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197268
|
7.5 |
HIGH
Network
|
changingtec
|
servisign
|
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API …
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-3926
|
2024-11-21 14:31 |
2020-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197269
|
8.8 |
HIGH
Network
|
changingtec
|
servisign
|
A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arb…
|
NVD-CWE-noinfo
|
CVE-2020-3925
|
2024-11-21 14:31 |
2020-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197270
|
6.1 |
MEDIUM
Network
|
magento
|
magento
|
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive…
|
CWE-79
Cross-site Scripting
|
CVE-2020-3758
|
2024-11-21 14:31 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
