|
200941
|
9.1 |
CRITICAL
Network
|
zyxel
|
lte4506-m606_firmware lte7460-m608_firmware wah7706_firmware
|
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to u…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-28899
|
2024-11-21 14:23 |
2021-03-17 |
|
200942
|
9.8 |
CRITICAL
Network
|
fivestarplugins
|
five_star_restaurant_menu
|
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in inc…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-29045
|
2024-11-21 14:23 |
2021-03-12 |
|
200943
|
4.3 |
MEDIUM
Network
|
thedaylightstudio
|
fuel_cms
|
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page via a post ID to /pages/delete/3.
|
CWE-352
Origin Validation Error
|
CVE-2020-28705
|
2024-11-21 14:23 |
2021-03-10 |
|
200944
|
7.5 |
HIGH
Network
|
expressvpn
|
expressvpn
|
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server is running as a reverse proxy via specially crafted…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-29238
|
2024-11-21 14:23 |
2021-03-10 |
|
200945
|
7.5 |
HIGH
Network
|
homey
|
homey_firmware homey_pro_firmware
|
An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that al…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-28952
|
2024-11-21 14:23 |
2021-03-10 |
|
200946
|
8.8 |
HIGH
Network
|
secomea
|
gatemanager_firmware
|
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4.
|
CWE-352
Origin Validation Error
|
CVE-2020-29030
|
2024-11-21 14:23 |
2021-03-06 |
|
200947
|
6.1 |
MEDIUM
Network
|
secomea
|
gatemanager_firmware
|
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary JavaScript code. This issue affects: Secomea GateManager …
|
CWE-79
Cross-site Scripting
|
CVE-2020-29029
|
2024-11-21 14:23 |
2021-03-06 |
|
200948
|
6.1 |
MEDIUM
Network
|
secomea
|
gatemanager_firmware
|
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29028
|
2024-11-21 14:23 |
2021-03-06 |
|
200949
|
7.2 |
HIGH
Network
|
secomea
|
sitemanager_firmware
|
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea…
|
CWE-863
Incorrect Authorization
|
CVE-2020-29020
|
2024-11-21 14:23 |
2021-03-06 |
|
200950
|
7.2 |
HIGH
Network
|
secomea
|
gatemanager_8250_firmware
|
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateMana…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-29032
|
2024-11-21 14:23 |
2021-03-06 |
|