|
208371
|
6.5 |
MEDIUM
Network
|
baijiacms_project
|
baijiacms
|
A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "i…
|
CWE-22
Path Traversal
|
CVE-2020-25873
|
2024-11-21 14:18 |
2021-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208372
|
4.9 |
MEDIUM
Network
|
frogcms_project
|
frogcms
|
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.
|
CWE-22
Path Traversal
|
CVE-2020-25872
|
2024-11-21 14:18 |
2021-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208373
|
7.5 |
HIGH
Network
|
hcc-embedded
|
nichestack_ipv4
|
An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bound…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-25767
|
2024-11-21 14:18 |
2021-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208374
|
9.8 |
CRITICAL
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-25566
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208375
|
9.8 |
CRITICAL
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25565
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208376
|
8.8 |
HIGH
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature.
|
CWE-863
Incorrect Authorization
|
CVE-2020-25564
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208377
|
9.8 |
CRITICAL
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a J…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-25563
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208378
|
6.5 |
MEDIUM
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent.
|
CWE-352
Origin Validation Error
|
CVE-2020-25562
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208379
|
7.8 |
HIGH
Local
|
sapphireims
|
sapphireims
|
SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25561
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208380
|
9.8 |
CRITICAL
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25560
|
2024-11-21 14:18 |
2021-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
