|
200981
|
8.8 |
HIGH
Network
|
rainbowfishsoftware
|
pacsone_server
|
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.
|
CWE-89
SQL Injection
|
CVE-2020-29163
|
2024-11-21 14:23 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200982
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.
|
CWE-319
CWE-522
Cleartext Transmission of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2020-29005
|
2024-11-21 14:23 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200983
|
8.8 |
HIGH
Network
|
mediawiki
|
mediawiki
|
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
|
CWE-352
Origin Validation Error
|
CVE-2020-29004
|
2024-11-21 14:23 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200984
|
4.8 |
MEDIUM
Network
|
online_news_portal_project
|
online_news_portal
|
Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the "Title" parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29241
|
2024-11-21 14:23 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200985
|
7.2 |
HIGH
Network
|
merkuryinnovations
|
geeni_gnc-cw028_firmware
geeni_gnc-cw025_firmware
merkury_mi-cw024_firmware
merkury_mi-cw017_firmware
|
An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the REST…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-29001
|
2024-11-21 14:23 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200986
|
7.2 |
HIGH
Network
|
mygeeni
|
gnc-cw013_firmware
|
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged a…
|
NVD-CWE-noinfo
|
CVE-2020-29000
|
2024-11-21 14:23 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200987
|
7.2 |
HIGH
Network
|
mygeeni
|
gnc-cw013_firmware
|
An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-28999
|
2024-11-21 14:23 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200988
|
9.8 |
CRITICAL
Network
|
mygeeni
|
gnc-cw013_firmware
|
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-28998
|
2024-11-21 14:23 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200989
|
7.5 |
HIGH
Network
|
projectsend
|
projectsend
|
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).
|
CWE-287
CWE-404
Improper Authentication
Improper Resource Shutdown or Release
|
CVE-2020-28874
|
2024-11-21 14:23 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200990
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortiweb
|
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29019
|
2024-11-21 14:23 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
