|
199811
|
8.8 |
HIGH
Adjacent
|
askey
|
rtf3505vw-n1_br_sv_g000_r3505vwn1001_s32_7_firmware
|
Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execut…
|
CWE-78
OS Command
|
CVE-2020-28695
|
2024-11-21 14:23 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199812
|
7.5 |
HIGH
Network
|
fluxbb
|
fluxbb
|
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will res…
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2020-28873
|
2024-11-21 14:23 |
2021-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199813
|
9.1 |
CRITICAL
Network
|
zyxel
|
lte4506-m606_firmware
lte7460-m608_firmware
wah7706_firmware
|
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to u…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-28899
|
2024-11-21 14:23 |
2021-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199814
|
9.8 |
CRITICAL
Network
|
fivestarplugins
|
five_star_restaurant_menu
|
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in inc…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-29045
|
2024-11-21 14:23 |
2021-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199815
|
4.3 |
MEDIUM
Network
|
thedaylightstudio
|
fuel_cms
|
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.
|
CWE-352
Origin Validation Error
|
CVE-2020-28705
|
2024-11-21 14:23 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199816
|
7.5 |
HIGH
Network
|
expressvpn
|
expressvpn
|
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-29238
|
2024-11-21 14:23 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199817
|
7.5 |
HIGH
Network
|
homey
|
homey_firmware
homey_pro_firmware
|
An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that al…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-28952
|
2024-11-21 14:23 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199818
|
8.8 |
HIGH
Network
|
secomea
|
gatemanager_firmware
|
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4.
|
CWE-352
Origin Validation Error
|
CVE-2020-29030
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199819
|
6.1 |
MEDIUM
Network
|
secomea
|
gatemanager_firmware
|
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager …
|
CWE-79
Cross-site Scripting
|
CVE-2020-29029
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199820
|
6.1 |
MEDIUM
Network
|
secomea
|
gatemanager_firmware
|
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29028
|
2024-11-21 14:23 |
2021-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
