|
199781
|
7.5 |
HIGH
Network
|
wayang-cms_project
|
wayang-cms
|
A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information.
|
CWE-89
SQL Injection
|
CVE-2020-29147
|
2024-11-21 14:23 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199782
|
6.1 |
MEDIUM
Network
|
wayang-cms_project
|
wayang-cms
|
A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For fi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29146
|
2024-11-21 14:23 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199783
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortisandbox
|
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system…
|
CWE-362
Race Condition
|
CVE-2020-29014
|
2024-11-21 14:23 |
2021-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199784
|
5.4 |
MEDIUM
Network
|
razormist
|
employee_management_system
|
A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29215
|
2024-11-21 14:23 |
2021-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199785
|
9.8 |
CRITICAL
Network
|
alumni_management_system_project
|
alumni_management_system
|
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php.
|
CWE-89
SQL Injection
|
CVE-2020-29214
|
2024-11-21 14:23 |
2021-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199786
|
6.5 |
MEDIUM
Network
|
nightowlsp
|
smart_doorbell_firmware
|
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-28713
|
2024-11-21 14:23 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199787
|
7.5 |
HIGH
Network
|
dlink
|
dir-895l_mfc_firmware
|
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmw…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-29324
|
2024-11-21 14:23 |
2021-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199788
|
7.5 |
HIGH
Network
|
dlink
|
dir-885l-mfc_firmware
|
The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to…
|
CWE-798
CWE-522
Use of Hard-coded Credentials
Insufficiently Protected Credentials
|
CVE-2020-29323
|
2024-11-21 14:23 |
2021-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199789
|
7.5 |
HIGH
Network
|
dlink
|
dir-880l_firmware
|
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and…
|
CWE-798
CWE-522
Use of Hard-coded Credentials
Insufficiently Protected Credentials
|
CVE-2020-29322
|
2024-11-21 14:23 |
2021-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199790
|
7.5 |
HIGH
Network
|
dlink
|
dir-868l_firmware
|
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and…
|
CWE-798
CWE-522
Use of Hard-coded Credentials
Insufficiently Protected Credentials
|
CVE-2020-29321
|
2024-11-21 14:23 |
2021-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
