|
210191
|
6.5 |
MEDIUM
Network
|
advantech
|
webaccess\/nms
|
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
|
CWE-89
SQL Injection
|
CVE-2020-10623
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210192
|
9.1 |
CRITICAL
Network
|
advantech
|
webaccess\/nms
|
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
|
CWE-22
Path Traversal
|
CVE-2020-10619
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210193
|
7.5 |
HIGH
Network
|
advantech
|
webaccess\/nms
|
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
|
CWE-89
SQL Injection
|
CVE-2020-10617
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210194
|
8.8 |
HIGH
Network
|
advantech
|
webaccess\/nms
|
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.
|
CWE-78
OS Command
|
CVE-2020-10603
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210195
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess\/nms
|
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10621
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210196
|
7.8 |
HIGH
Local
|
tencent
|
qqbrowser
|
QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote u…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-10551
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210197
|
6.8 |
MEDIUM
Physics
|
mi
|
xiaomi_xiaoai_speaker_pro_lx06_firmware
|
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogu…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10263
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210198
|
6.8 |
MEDIUM
Physics
|
mi
|
xiaomi_xiaoai_speaker_pro_lx06_firmware
|
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on th…
|
NVD-CWE-noinfo
|
CVE-2020-10262
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210199
|
6.1 |
MEDIUM
Network
|
hms-networks
|
ewon_flexy_firmware
ewon_cosy_firmware
|
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password …
|
CWE-79
Cross-site Scripting
|
CVE-2020-10633
|
2024-11-21 13:55 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210200
|
7.5 |
HIGH
Network
|
logicaldoc
|
logicaldoc
|
LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365.
|
CWE-22
Path Traversal
|
CVE-2020-10366
|
2024-11-21 13:55 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
