| 208271 | 8.8 | HIGH | Network | horizontcms_project | horizontcms | An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PH… | CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2020-27387 | 2024-11-21 14:21 | 2020-11-5 |
| 208272 | 8.8 | HIGH | Network | imomobile | verve_connect_vh510_firmware | The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the T… | CWE-352: Origin Validation Error | CVE-2020-27692 | 2024-11-21 14:21 | 2020-11-5 |
| 208273 | 6.1 | MEDIUM | Network | imomobile | verve_connect_vh510_firmware | The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings. | CWE-79: Cross-site Scripting | CVE-2020-27691 | 2024-11-21 14:21 | 2020-11-5 |
| 208274 | 5.5 | MEDIUM | Local | imomobile | verve_connect_vh510_firmware | The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with… | CWE-120: Classic Buffer Overflow | CVE-2020-27690 | 2024-11-21 14:21 | 2020-11-5 |
| 208275 | 9.8 | CRITICAL | Network | imomobile | verve_connect_vh510_firmware | The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulner… | CWE-798: Use of Hard-coded Credentials | CVE-2020-27689 | 2024-11-21 14:21 | 2020-11-5 |
| 208276 | 7.8 | HIGH | Local | ea | origin | A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may … | CWE-427: Uncontrolled Search Path Element | CVE-2020-27708 | 2024-11-21 14:21 | 2020-11-3 |
| 208277 | 5.4 | MEDIUM | Network | evms | redcap | A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image… | CWE-79: Cross-site Scripting | CVE-2020-27359 | 2024-11-21 14:21 | 2020-11-3 |
| 208278 | 4.3 | MEDIUM | Network | vanderbilt | redcap | An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one a… | CWE-276: Incorrect Default Permissions | CVE-2020-27358 | 2024-11-21 14:21 | 2020-11-3 |
| 208279 | 6.1 | MEDIUM | Network | wso2 | api_manager | Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which mea… | CWE-79: Cross-site Scripting | CVE-2020-27885 | 2024-11-21 14:21 | 2020-10-30 |
| 208280 | 8.8 | HIGH | Network | eyesofnetwork | eyesofnetwork | An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary … | CWE-78: OS Command | CVE-2020-27887 | 2024-11-21 14:21 | 2020-10-30 |