|
218301
|
9.1 |
CRITICAL
Network
|
advantech
|
webaccess\/nms
|
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
|
CWE-22
Path Traversal
|
CVE-2020-10619
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218302
|
7.5 |
HIGH
Network
|
advantech
|
webaccess\/nms
|
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
|
CWE-89
SQL Injection
|
CVE-2020-10617
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218303
|
8.8 |
HIGH
Network
|
advantech
|
webaccess\/nms
|
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.
|
CWE-78
OS Command
|
CVE-2020-10603
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218304
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess\/nms
|
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-10621
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218305
|
7.8 |
HIGH
Local
|
tencent
|
qqbrowser
|
QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote u…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-10551
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218306
|
6.8 |
MEDIUM
Physics
|
mi
|
xiaomi_xiaoai_speaker_pro_lx06_firmware
|
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogu…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10263
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218307
|
6.8 |
MEDIUM
Physics
|
mi
|
xiaomi_xiaoai_speaker_pro_lx06_firmware
|
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on th…
|
NVD-CWE-noinfo
|
CVE-2020-10262
|
2024-11-21 13:55 |
2020-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218308
|
6.1 |
MEDIUM
Network
|
hms-networks
|
ewon_flexy_firmware
ewon_cosy_firmware
|
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password …
|
CWE-79
Cross-site Scripting
|
CVE-2020-10633
|
2024-11-21 13:55 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218309
|
7.5 |
HIGH
Network
|
logicaldoc
|
logicaldoc
|
LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365.
|
CWE-22
Path Traversal
|
CVE-2020-10366
|
2024-11-21 13:55 |
2020-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218310
|
7.5 |
HIGH
Network
|
universal-robots
|
ur_software
|
Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-10267
|
2024-11-21 13:55 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
