|
209681
|
6.2 |
MEDIUM
Network
|
gigamon
|
gigavue
|
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-12252
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209682
|
2.2 |
LOW
Network
|
gigamon
|
gigavue
|
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve dir…
|
CWE-22
Path Traversal
|
CVE-2020-12251
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209683
|
8.8 |
HIGH
Network
|
beeline
|
smart_box_firmware
|
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute tra…
|
CWE-78
OS Command
|
CVE-2020-12246
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209684
|
7.5 |
HIGH
Network
|
onkyo
|
tx-nr585_firmware
|
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as d…
|
CWE-22
Path Traversal
|
CVE-2020-12447
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209685
|
9.8 |
CRITICAL
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequen…
|
CWE-22
Path Traversal
|
CVE-2020-12443
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209686
|
9.8 |
CRITICAL
Network
|
ivanti
|
avalanche
|
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.
|
CWE-89
SQL Injection
|
CVE-2020-12442
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209687
|
5.4 |
MEDIUM
Network
|
opmantek
|
open-audit
|
Open-AudIT 3.3.0 allows an XSS attack after login.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12261
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209688
|
7.7 |
HIGH
Network
|
tiny_file_manager_project
|
tiny_file_manager
|
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scop…
|
CWE-22
Path Traversal
|
CVE-2020-12103
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209689
|
5.4 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor …
|
CWE-79
Cross-site Scripting
|
CVE-2020-12438
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209690
|
7.7 |
HIGH
Network
|
tiny_file_manager_project
|
tiny_file_manager
|
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the fi…
|
CWE-22
Path Traversal
|
CVE-2020-12102
|
2024-11-21 13:59 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
