|
199821
|
7.2 |
HIGH
Network
|
secomea
|
sitemanager_firmware
|
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea…
|
CWE-863
Incorrect Authorization
|
CVE-2020-29020
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199822
|
7.2 |
HIGH
Network
|
secomea
|
gatemanager_8250_firmware
|
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateMana…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-29032
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199823
|
8.6 |
HIGH
Network
|
totvs
|
fluig
|
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4
|
CWE-22
Path Traversal
|
CVE-2020-29134
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199824
|
9.8 |
CRITICAL
Network
|
cgal
fedoraproject
debian
|
computational_geometry_algorithms_library
fedora
debian_linux
|
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->…
|
-
|
CVE-2020-28636
|
2024-11-21 14:23 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199825
|
9.8 |
CRITICAL
Network
|
thimpress
|
wp_hotel_booking
|
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in inclu…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-29047
|
2024-11-21 14:23 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199826
|
9.8 |
CRITICAL
Network
|
bittacora
|
bpanel
|
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
|
CWE-89
SQL Injection
|
CVE-2020-28657
|
2024-11-21 14:23 |
2021-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199827
|
5.9 |
MEDIUM
Network
|
saltstack
fedoraproject
debian
|
salt
fedora
debian_linux
|
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-28972
|
2024-11-21 14:23 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199828
|
7.8 |
HIGH
Local
|
owncloud
|
owncloud_desktop_client
|
ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-28646
|
2024-11-21 14:23 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199829
|
6.5 |
MEDIUM
Network
|
adobe
|
acrobat
acrobat_dc
acrobat_reader
acrobat_reader_dc
|
Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an atta…
|
CWE-200
Information Exposure
|
CVE-2020-29075
|
2024-11-21 14:23 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199830
|
5.3 |
MEDIUM
Network
|
deepnetsecurity
|
dualshield
|
DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an "unknown username" error message.
|
NVD-CWE-noinfo
|
CVE-2020-28918
|
2024-11-21 14:23 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
