|
210231
|
7.8 |
HIGH
Local
|
cmsmadesimple
|
cms_made_simple
|
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/o…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10682
|
2024-11-21 13:55 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210232
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10681
|
2024-11-21 13:55 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210233
|
7.5 |
HIGH
Network
|
canon
|
oce_colorwave_500_firmware
|
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's we…
|
CWE-287
Improper Authentication
|
CVE-2020-10669
|
2024-11-21 13:55 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210234
|
8.8 |
HIGH
Network
|
canon
|
oce_colorwave_500_firmware
|
The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a log…
|
CWE-352
Origin Validation Error
|
CVE-2020-10671
|
2024-11-21 13:55 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210235
|
6.1 |
MEDIUM
Network
|
canon
|
oce_colorwave_500_firmware
|
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the l…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10670
|
2024-11-21 13:55 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210236
|
6.1 |
MEDIUM
Network
|
canon
|
oce_colorwave_500_firmware
|
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10668
|
2024-11-21 13:55 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210237
|
6.1 |
MEDIUM
Network
|
canon
|
oce_colorwave_500_firmware
|
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). N…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10667
|
2024-11-21 13:55 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210238
|
8.8 |
HIGH
Network
|
octopus
|
octopus_deploy
|
In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.
|
NVD-CWE-noinfo
|
CVE-2020-10678
|
2024-11-21 13:55 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210239
|
7.5 |
HIGH
Network
|
jsonparser_project
fedoraproject
|
jsonparser
fedora
|
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-10675
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210240
|
7.8 |
HIGH
Local
|
denx
opensuse
|
u-boot
leap
|
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default con…
|
CWE-20
Improper Input Validation
|
CVE-2020-10648
|
2024-11-21 13:55 |
2020-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
