|
215901
|
6.5 |
MEDIUM
Network
|
titanhq
|
spamtitan
|
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The u…
|
CWE-22
Path Traversal
|
CVE-2020-11700
|
2024-11-21 13:58 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215902
|
8.8 |
HIGH
Network
|
titanhq
|
spamtitan
|
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has t…
|
CWE-78
OS Command
|
CVE-2020-11699
|
2024-11-21 13:58 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215903
|
9.8 |
CRITICAL
Network
|
titanhq
|
spamtitan
|
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.con…
|
CWE-77
Command Injection
|
CVE-2020-11698
|
2024-11-21 13:58 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215904
|
7.5 |
HIGH
Network
|
mikrotik
|
routeros
|
An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka S…
|
CWE-129
Improper Validation of Array Index
|
CVE-2020-11881
|
2024-11-21 13:58 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215905
|
9.1 |
CRITICAL
Network
|
linux4sam
|
at91bootstrap
|
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose thes…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2020-11684
|
2024-11-21 13:58 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215906
|
6.8 |
MEDIUM
Physics
|
linux4sam
|
at91bootstrap
|
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected syst…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-11683
|
2024-11-21 13:58 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215907
|
8.1 |
HIGH
Network
|
foxitsoftware
|
phantompdf
reader
|
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-11493
|
2024-11-21 13:58 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215908
|
7.5 |
HIGH
Network
|
chadhaajay
|
phpkb
|
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on ho…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-11579
|
2024-11-21 13:58 |
2020-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215909
|
7.8 |
HIGH
Local
|
thomsonstb
philips
|
tht741fta_firmware
dtr3502bfta_dvb-t2_firmware
|
THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access v…
|
NVD-CWE-noinfo
|
CVE-2020-11618
|
2024-11-21 13:58 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215910
|
5.9 |
MEDIUM
Network
|
thomsonstb
philips
|
tht741fta_firmware
dtr3502bfta_dvb-t2_firmware
|
The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to mo…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-11617
|
2024-11-21 13:58 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
