| 199841 | 6.5 | MEDIUM Network | secomea | gatemanager_8250_firmware gatemanager_4250_firmware gatemanager_4260_firmware gatemanager_9250_firmware | A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in th… | CWE-22 Path Traversal | CVE-2020-29026 | 2024-11-21 14:23 | 2021-02-16 |
| 199842 | 6.1 | MEDIUM Network | tipsandtricks-hq | wp_security_\&_firewall | Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 … | CWE-79 Cross-site Scripting | CVE-2020-29171 | 2024-11-21 14:23 | 2021-02-11 |
| 199843 | 9.8 | CRITICAL Network | monitorr | monitorr | Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-28871 | 2024-11-21 14:23 | 2021-02-10 |
| 199844 | 9.8 | CRITICAL Network | inoideas | inoerp | In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php. | CWE-94 Code Injection, CWE-20 Improper Input Validation | CVE-2020-28870 | 2024-11-21 14:23 | 2021-02-10 |
| 199845 | 9.1 | CRITICAL Network | owncloud | owncloud | Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownC… | CWE-20 Improper Input Validation | CVE-2020-28645 | 2024-11-21 14:23 | 2021-02-10 |
| 199846 | 4.3 | MEDIUM Network | owncloud | owncloud | The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6. | CWE-352 Origin Validation Error | CVE-2020-28644 | 2024-11-21 14:23 | 2021-02-10 |
| 199847 | 4.8 | MEDIUM Network | secomea | gatemanager_8250_firmware gatemanager_4250_firmware gatemanager_4260_firmware gatemanager_9250_firmware | A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3. | CWE-79 Cross-site Scripting | CVE-2020-29021 | 2024-11-21 14:23 | 2021-02-9 |
| 199848 | 7.3 | HIGH Network | windriver oracle | vxworks communications_eagle | In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer… | CWE-787 Out-of-bounds Write, CWE-190 Integer Overflow or Wraparound | CVE-2020-28895 | 2024-11-21 14:23 | 2021-02-4 |
| 199849 | 9.8 | CRITICAL Network | zohocorp | manageengine_opmanager | Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. | NVD-CWE-noinfo | CVE-2020-28653 | 2024-11-21 14:23 | 2021-02-4 |
| 199850 | 7.5 | HIGH Network | rainbowfishsoftware | pacsone_server | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure. | CWE-22 Path Traversal | CVE-2020-29166 | 2024-11-21 14:23 | 2021-02-3 |