|
198671
|
6.1 |
MEDIUM
Network
|
egavilanmedia
|
user_registration_and_login_system_with_admin_panel
|
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35252
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198672
|
6.1 |
MEDIUM
Network
|
uncannyowl
|
uncanny_groups_for_learndash
|
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem PO…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35650
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198673
|
7.5 |
HIGH
Network
|
mersive
|
solstice_firmware
|
In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is dir…
|
NVD-CWE-noinfo
|
CVE-2020-35587
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198674
|
7.5 |
HIGH
Network
|
mersive
|
solstice_pod_firmware
|
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there i…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-35586
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198675
|
7.5 |
HIGH
Network
|
mersive
|
solstice_pod_firmware
|
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-35585
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198676
|
5.9 |
MEDIUM
Network
|
mersive
|
solstice_pod_firmware
|
In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's ne…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-35584
|
2024-11-21 14:27 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198677
|
5.3 |
MEDIUM
Network
|
titanhq
|
spamtitan
|
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
|
CWE-552
CWE-312
Files or Directories Accessible to External Parties
Cleartext Storage of Sensitive Information
|
CVE-2020-35658
|
2024-11-21 14:27 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198678
|
7.2 |
HIGH
Network
|
jaws_project
|
jaws
|
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-35657
|
2024-11-21 14:27 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198679
|
7.2 |
HIGH
Network
|
jaws_project
|
jaws
|
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGad…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-35656
|
2024-11-21 14:27 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198680
|
5.5 |
MEDIUM
Local
|
microsoft
|
azure_sphere
|
A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacke…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-35609
|
2024-11-21 14:27 |
2020-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
