|
210511
|
7.5 |
HIGH
Network
|
wavlink
|
wn530hg4_firmware
wn531g3_firmware
wn572hg3_firmware
|
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a ce…
|
CWE-306
CWE-522
Missing Authentication for Critical Function
Insufficiently Protected Credentials
|
CVE-2020-10972
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210512
|
8.8 |
HIGH
Network
|
wavlink
|
wl-wn575a3_firmware
wl-wn530hg4_firmware
wl-wn579g3_firmware
|
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the…
|
CWE-20
Improper Input Validation
|
CVE-2020-10971
|
2024-11-21 13:56 |
2020-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210513
|
5.4 |
MEDIUM
Network
|
glpi-project
|
glpi
|
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with conte…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11036
|
2024-11-21 13:56 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210514
|
9.3 |
CRITICAL
Network
|
glpi-project
fedoraproject
|
glpi
fedora
|
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values.…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-11035
|
2024-11-21 13:56 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210515
|
6.1 |
MEDIUM
Network
|
glpi-project
|
glpi
|
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.
|
CWE-601
Open Redirect
|
CVE-2020-11034
|
2024-11-21 13:56 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210516
|
7.2 |
HIGH
Network
|
glpi-project
|
glpi
|
In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6.
|
CWE-89
SQL Injection
|
CVE-2020-11032
|
2024-11-21 13:56 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210517
|
6.5 |
MEDIUM
Network
|
zohocorp
|
manageengine_desktop_central
|
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request.
|
CWE-22
Path Traversal
|
CVE-2020-10859
|
2024-11-21 13:56 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210518
|
7.2 |
HIGH
Network
|
glpi-project
fedoraproject
|
glpi
fedora
|
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All ap…
|
CWE-200
Information Exposure
|
CVE-2020-11033
|
2024-11-21 13:56 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210519
|
4.8 |
MEDIUM
Network
|
requarks
|
wiki.js
|
In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another edit…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11051
|
2024-11-21 13:56 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210520
|
5.3 |
MEDIUM
Network
|
ruby-lang
fedoraproject
debian
|
ruby
fedora
debian_linux
|
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buff…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-10933
|
2024-11-21 13:56 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
